AzComplianceAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Compliance controls by Policy

Id DisplayName Category Control Domain Control Name MetadataId Title PolicySet
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
cfaf0007-99c7-4b01-b36b-4048872ac978 Azure Synapse Analytics dedicated SQL pools should enable encryption Synapse ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
d6545c6b-dd9d-4265-91e6-0b451e2f1c50 App Service Environment should have TLS 1.0 and 1.1 disabled App Service ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
1afdc4b6-581a-45fb-b630-f1e6051e3e7a Linux virtual machines should have Azure Monitor Agent installed Monitoring ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
c02729e5-e5e7-4458-97fa-2b5ad0661f28 Windows virtual machines should have Azure Monitor Agent installed Monitoring ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1260 AU_ISM_1260 AU ISM 1260 Database administrator accounts - 1260 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1261 AU_ISM_1261 AU ISM 1261 Database administrator accounts - 1261 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1262 AU_ISM_1262 AU ISM 1262 Database administrator accounts - 1262 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1263 AU_ISM_1263 AU ISM 1263 Database administrator accounts - 1263 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1264 AU_ISM_1264 AU ISM 1264 Database administrator accounts - 1264 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service AU_ISM 1424 AU_ISM_1424 AU ISM 1424 Web browser-based security controls - 1424 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL AU_ISM 1425 AU_ISM_1425 AU ISM 1425 Protecting database server contents - 1425 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center AU_ISM 1431 AU_ISM_1431 AU ISM 1431 Denial of service strategies - 1431 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute AU_ISM 1511 AU_ISM_1511 AU ISM 1511 Performing backups - 1511 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 520 AU_ISM_520 AU ISM 520 Network access controls - 520 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
fd4726f4-a5fc-4540-912d-67c96fc992d5 [Preview]: Automanage Configuration Profile Assignment should be Conformant Automanage Automanage Best Practices Automanage Best Practices 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
e4953962-5ae4-43eb-bb92-d66fd5563487 [Preview]: A managed identity should be enabled on your machines Automanage Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v1.0 1.2 Azure_Security_Benchmark_v1.0_1.2 Azure Security Benchmark 1.2 Monitor and log the configuration and traffic of Vnets, Subnets, and NICs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v1.0 1.5 Azure_Security_Benchmark_v1.0_1.5 Azure Security Benchmark 1.5 Record network packets and flow logs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v1.0 10.4 Azure_Security_Benchmark_v1.0_10.4 Azure Security Benchmark 10.4 Provide security incident contact details and configure alert notifications for security incidents [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Compute Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL Azure_Security_Benchmark_v1.0 2.5 Azure_Security_Benchmark_v1.0_2.5 Azure Security Benchmark 2.5 Configure security log storage retention [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e3e008c3-56b9-4133-8fd7-d3347377402a [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
931e118d-50a1-4457-a5e4-78550e086c52 [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Microsoft Entra ID [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Microsoft Entra ID [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2c89a2e5-7285-40fe-afe0-ae8654b92fb2 [Deprecated]: Unattached disks should be encrypted Compute Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Azure_Security_Benchmark_v1.0 4.9 Azure_Security_Benchmark_v1.0_4.9 Azure Security Benchmark 4.9 Log and alert on changes to critical Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Azure_Security_Benchmark_v1.0 5.3 Azure_Security_Benchmark_v1.0_5.3 Azure Security Benchmark 5.3 Deploy automated third-party software patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v1.0 7.11 Azure_Security_Benchmark_v1.0_7.11 Azure Security Benchmark 7.11 Manage Azure secrets securely [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Azure_Security_Benchmark_v1.0 8.3 Azure_Security_Benchmark_v1.0_8.3 Azure Security Benchmark 8.3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v1.0 9.4 Azure_Security_Benchmark_v1.0_9.4 Azure Security Benchmark 9.4 Ensure protection of backups and customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 ES-1 Azure_Security_Benchmark_v2.0_ES-1 Azure Security Benchmark ES-1 Use Endpoint Detection and Response (EDR) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
931e118d-50a1-4457-a5e4-78550e086c52 [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e3e008c3-56b9-4133-8fd7-d3347377402a [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Compute Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7d092e0a-7acd-40d2-a975-dca21cae48c4 [Deprecated]: Azure Cache for Redis should reside within a virtual network Cache Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e372f825-a257-4fb8-9175-797a8a8627d6 [Deprecated]: RDP access from the Internet should be blocked Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2c89a2e5-7285-40fe-afe0-ae8654b92fab [Deprecated]: SSH access from the Internet should be blocked Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-5 Azure_Security_Benchmark_v2.0_NS-5 Azure Security Benchmark NS-5 Deploy intrusion detection/intrusion prevention systems (IDS/IPS) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9 [Deprecated]: Custom subscription owner roles should not exist General Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5f0f936f-2f01-4bf5-b6be-d423792fa562 [Deprecated]: Azure registry container images should have vulnerabilities resolved (powered by Qualys) Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
86b3d65f-7626-441e-b690-81a8b71cff60 [Deprecated]: System updates should be installed on your machines Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c8acafaf-3d23-44d1-9624-978ef0f8652c API endpoints that are unused should be disabled and removed from the Azure API Management service Security Center Azure_Security_Benchmark_v3.0 AM-3 Azure_Security_Benchmark_v3.0_AM-3 Microsoft cloud security benchmark AM-3 Ensure security of asset lifecycle management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-1 Azure_Security_Benchmark_v3.0_DP-1 Microsoft cloud security benchmark DP-1 Discover, classify, and label sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
36f0d6bc-a253-4df8-b25b-c3a5023ff443 [Preview]: Host and VM networking should be protected on Azure Stack HCI systems Stack HCI Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 API Management APIs should use only encrypted protocols API Management Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee8ca833-1583-4d24-837e-96c2af9488a4 [Preview]: Azure Stack HCI systems should have encrypted volumes Stack HCI Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Azure_Security_Benchmark_v3.0 DP-7 Azure_Security_Benchmark_v3.0_DP-7 Microsoft cloud security benchmark DP-7 Use a secure certificate management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 ES-1 Azure_Security_Benchmark_v3.0_ES-1 Microsoft cloud security benchmark ES-1 Use Endpoint Detection and Response (EDR) Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ea81a52-5ca7-4575-9669-eaa910b7edf8 Synapse Workspaces should have Microsoft Entra-only authentication enabled Synapse Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b3a22bc9-66de-45fb-98fa-00f5df42f41a Azure SQL Database should have Microsoft Entra-only authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0c28c3fb-c244-42d5-a9bf-f35f2999577b Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c15dcc82-b93c-4dcb-9332-fbf121685b54 API Management calls to API backends should be authenticated API Management Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
92bb331d-ac71-416a-8c91-02f2cb734ce4 API Management calls to API backends should not bypass certificate thumbprint or name validation API Management Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v3.0 IR-4 Azure_Security_Benchmark_v3.0_IR-4 Microsoft cloud security benchmark IR-4 Detection and analysis - investigate an incident Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 AMicrosoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b4d1c4e-934c-4703-944c-27c82c06bebb Diagnostic logs in Azure AI services resources should be enabled Azure Ai Services Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure Databricks Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL Azure_Security_Benchmark_v3.0 LT-6 Azure_Security_Benchmark_v3.0_LT-6 Microsoft cloud security benchmark LT-6 Configure log storage retention Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v3.0 NS-5 Azure_Security_Benchmark_v3.0_NS-5 Microsoft cloud security benchmark NS-5 Deploy DDOS protection Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v3.0 PA-2 Azure_Security_Benchmark_v3.0_PA-2 Microsoft cloud security benchmark PA-2 Avoid standing access for accounts and permissions Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs API Management Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5e6bf724-0154-49bc-985f-27b2e07e636b [Preview]: Azure Stack HCI servers should meet Secured-core requirements Stack HCI Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
dad3a6b9-4451-492f-a95c-69efc6f3fada [Preview]: Azure Stack HCI servers should have consistently enforced application control policies Stack HCI Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e56962a6-4747-49cd-b67b-bf8b01975c4c Allowed locations General B.01.3 - Legal, statutory, regulatory requirements B.01.3 - Legal, statutory, regulatory requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e765b5de-1225-4ba3-bd56-1ac6695af988 Allowed locations for resource groups General B.01.3 - Legal, statutory, regulatory requirements B.01.3 - Legal, statutory, regulatory requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache B.09.1 - Security aspects and stages B.09.1 - Security aspects and stages 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage B.09.1 - Security aspects and stages B.09.1 - Security aspects and stages 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.2 - Security Function B.10.2 - Security function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.2 - Security Function B.10.2 - Security function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.3 - Organisational position B.10.3 - Organisational position 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.3 - Organisational position B.10.3 - Organisational position 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.3 - Organizational Position B.10.3 - Organizational Position 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.3 - Organizational Position B.10.3 - Organizational Position 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.4 - Tasks, responsibilities and powers B.10.4 - Tasks, responsibilities and powers 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.4 - Tasks, responsibilities and powers B.10.4 - Tasks, responsibilities and powers 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fb97d6e1-5c98-4743-a439-23e0977bad9e [Preview]: Boot Diagnostics should be enabled on virtual machines Automanage Boot Diagnostics Boot Diagnostics 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.3 - Technical vulnerabilities C.04.3 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.6 - Technical vulnerabilities C.04.6 - Technical vulnerabilities 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5e6bf724-0154-49bc-985f-27b2e07e636b [Preview]: Azure Stack HCI servers should meet Secured-core requirements Stack HCI C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
dad3a6b9-4451-492f-a95c-69efc6f3fada [Preview]: Azure Stack HCI servers should have consistently enforced application control policies Stack HCI C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Canada_Federal_PBMM_3-1-2020 AC_11(1) Canada_Federal_PBMM_3-1-2020_AC_11(1) Canada Federal PBMM 3-1-2020 AC 11(1) Session Lock | Pattern-Hiding Displays Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17 Canada_Federal_PBMM_3-1-2020_AC_17 Canada Federal PBMM 3-1-2020 AC 17 Remote Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17 Canada_Federal_PBMM_3-1-2020_AC_17 Canada Federal PBMM 3-1-2020 AC 17 Remote Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(1) Canada_Federal_PBMM_3-1-2020_AC_17(1) Canada Federal PBMM 3-1-2020 AC 17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(1) Canada_Federal_PBMM_3-1-2020_AC_17(1) Canada Federal PBMM 3-1-2020 AC 17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(2) Canada_Federal_PBMM_3-1-2020_AC_17(2) Canada Federal PBMM 3-1-2020 AC 17(2) Remote Access | Protection of Confidentiality / Integrity using Encryption Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(2) Canada_Federal_PBMM_3-1-2020_AC_17(2) Canada Federal PBMM 3-1-2020 AC 17(2) Remote Access | Protection of Confidentiality / Integrity using Encryption Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(3) Canada_Federal_PBMM_3-1-2020_AC_17(3) Canada Federal PBMM 3-1-2020 AC 17(3) Remote Access | Managed Access Control Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(3) Canada_Federal_PBMM_3-1-2020_AC_17(3) Canada Federal PBMM 3-1-2020 AC 17(3) Remote Access | Managed Access Control Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(4) Canada_Federal_PBMM_3-1-2020_AC_17(4) Canada Federal PBMM 3-1-2020 AC 17(4) Remote Access | Privileged Commands / Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(4) Canada_Federal_PBMM_3-1-2020_AC_17(4) Canada Federal PBMM 3-1-2020 AC 17(4) Remote Access | Privileged Commands / Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(9) Canada_Federal_PBMM_3-1-2020_AC_17(9) Canada Federal PBMM 3-1-2020 AC 17(9) Remote Access | Disconnect / Disable Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(9) Canada_Federal_PBMM_3-1-2020_AC_17(9) Canada Federal PBMM 3-1-2020 AC 17(9) Remote Access | Disconnect / Disable Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 AC_18(1) Canada_Federal_PBMM_3-1-2020_AC_18(1) Canada Federal PBMM 3-1-2020 AC 18(1) Wireless Access | Authentication and Encryption Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_20 Canada_Federal_PBMM_3-1-2020_AC_20 Canada Federal PBMM 3-1-2020 AC 20 Use of External Information Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_20 Canada_Federal_PBMM_3-1-2020_AC_20 Canada Federal PBMM 3-1-2020 AC 20 Use of External Information Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_20(1) Canada_Federal_PBMM_3-1-2020_AC_20(1) Canada Federal PBMM 3-1-2020 AC 20(1) Use of External Information Systems | Limits of Authorized Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_20(1) Canada_Federal_PBMM_3-1-2020_AC_20(1) Canada Federal PBMM 3-1-2020 AC 20(1) Use of External Information Systems | Limits of Authorized Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AC_22 Canada_Federal_PBMM_3-1-2020_AC_22 Canada Federal PBMM 3-1-2020 AC 22 Publicly Accessible Content Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_1 Canada_Federal_PBMM_3-1-2020_AT_1 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_2 Canada_Federal_PBMM_3-1-2020_AT_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_2(2) Canada_Federal_PBMM_3-1-2020_AT_2(2) 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_3 Canada_Federal_PBMM_3-1-2020_AT_3 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Canada_Federal_PBMM_3-1-2020 CM_5 Canada_Federal_PBMM_3-1-2020_CM_5 Canada Federal PBMM 3-1-2020 CM 5 Access Restrictions for Change Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Canada_Federal_PBMM_3-1-2020 CM_5(1) Canada_Federal_PBMM_3-1-2020_CM_5(1) Canada Federal PBMM 3-1-2020 CM 5(1) Access Restrictions for Change | Automated Access Enforcement / Auditing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(1) Canada_Federal_PBMM_3-1-2020_CP_9(1) Canada Federal PBMM 3-1-2020 CP 9(1) Information System Backup | Testing for Reliability / Integrity Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(1) Canada_Federal_PBMM_3-1-2020_CP_9(1) Canada Federal PBMM 3-1-2020 CP 9(1) Information System Backup | Testing for Reliability / Integrity Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(1) Canada_Federal_PBMM_3-1-2020_CP_9(1) Canada Federal PBMM 3-1-2020 CP 9(1) Information System Backup | Testing for Reliability / Integrity Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(2) Canada_Federal_PBMM_3-1-2020_CP_9(2) Canada Federal PBMM 3-1-2020 CP 9(2) Information System Backup | Test Restoration using Sampling Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(2) Canada_Federal_PBMM_3-1-2020_CP_9(2) Canada Federal PBMM 3-1-2020 CP 9(2) Information System Backup | Test Restoration using Sampling Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(2) Canada_Federal_PBMM_3-1-2020_CP_9(2) Canada Federal PBMM 3-1-2020 CP 9(2) Information System Backup | Test Restoration using Sampling Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(3) Canada_Federal_PBMM_3-1-2020_CP_9(3) Canada Federal PBMM 3-1-2020 CP 9(3) Information System Backup | Separate Storage for Critical Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(3) Canada_Federal_PBMM_3-1-2020_CP_9(3) Canada Federal PBMM 3-1-2020 CP 9(3) Information System Backup | Separate Storage for Critical Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(3) Canada_Federal_PBMM_3-1-2020_CP_9(3) Canada Federal PBMM 3-1-2020 CP 9(3) Information System Backup | Separate Storage for Critical Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(5) Canada_Federal_PBMM_3-1-2020_CP_9(5) Canada Federal PBMM 3-1-2020 CP 9(5) Information System Backup | Transfer to Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(5) Canada_Federal_PBMM_3-1-2020_CP_9(5) Canada Federal PBMM 3-1-2020 CP 9(5) Information System Backup | Transfer to Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(5) Canada_Federal_PBMM_3-1-2020_CP_9(5) Canada Federal PBMM 3-1-2020 CP 9(5) Information System Backup | Transfer to Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_2 Canada_Federal_PBMM_3-1-2020_IR_2 Canada Federal PBMM 3-1-2020 IR 2 Incident Response Training Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_3 Canada_Federal_PBMM_3-1-2020_IR_3 Canada Federal PBMM 3-1-2020 IR 3 Incident Response Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_6 Canada_Federal_PBMM_3-1-2020_IR_6 Canada Federal PBMM 3-1-2020 IR 6 Incident Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_6(1) Canada_Federal_PBMM_3-1-2020_IR_6(1) Canada Federal PBMM 3-1-2020 IR 6(1) Incident Reporting | Automated Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_1 Canada_Federal_PBMM_3-1-2020_MA_1 Canada Federal PBMM 3-1-2020 MA 1 System Maintenance Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_1 Canada_Federal_PBMM_3-1-2020_MA_1 Canada Federal PBMM 3-1-2020 MA 1 System Maintenance Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_2 Canada_Federal_PBMM_3-1-2020_MA_2 Canada Federal PBMM 3-1-2020 MA 2 Controlled Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_2 Canada_Federal_PBMM_3-1-2020_MA_2 Canada Federal PBMM 3-1-2020 MA 2 Controlled Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_3 Canada_Federal_PBMM_3-1-2020_MA_3 Canada Federal PBMM 3-1-2020 MA 3 Maintenance Tools Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_3 Canada_Federal_PBMM_3-1-2020_MA_3 Canada Federal PBMM 3-1-2020 MA 3 Maintenance Tools Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_4(2) Canada_Federal_PBMM_3-1-2020_MA_4(2) Canada Federal PBMM 3-1-2020 MA 4(2) Nonlocal Maintenance | Document Nonlocal Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_4(2) Canada_Federal_PBMM_3-1-2020_MA_4(2) Canada Federal PBMM 3-1-2020 MA 4(2) Nonlocal Maintenance | Document Nonlocal Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_10 Canada_Federal_PBMM_3-1-2020_PE_10 Canada Federal PBMM 3-1-2020 PE 10 Emergency Shutoff Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_10 Canada_Federal_PBMM_3-1-2020_PE_10 Canada Federal PBMM 3-1-2020 PE 10 Emergency Shutoff Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_11 Canada_Federal_PBMM_3-1-2020_PE_11 Canada Federal PBMM 3-1-2020 PE 11 Emergency Power Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_11 Canada_Federal_PBMM_3-1-2020_PE_11 Canada Federal PBMM 3-1-2020 PE 11 Emergency Power Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_12 Canada_Federal_PBMM_3-1-2020_PE_12 Canada Federal PBMM 3-1-2020 PE 12 Emergency Lighting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_12 Canada_Federal_PBMM_3-1-2020_PE_12 Canada Federal PBMM 3-1-2020 PE 12 Emergency Lighting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_13 Canada_Federal_PBMM_3-1-2020_PE_13 Canada Federal PBMM 3-1-2020 PE 13 Fire Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_13 Canada_Federal_PBMM_3-1-2020_PE_13 Canada Federal PBMM 3-1-2020 PE 13 Fire Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_13(2) Canada_Federal_PBMM_3-1-2020_PE_13(2) Canada Federal PBMM 3-1-2020 PE 13(2) Fire Protection | Suppression Devices / Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_13(2) Canada_Federal_PBMM_3-1-2020_PE_13(2) Canada Federal PBMM 3-1-2020 PE 13(2) Fire Protection | Suppression Devices / Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 PS_6 Canada_Federal_PBMM_3-1-2020_PS_6 Canada Federal PBMM 3-1-2020 PS 6 Access Agreements Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 PS_6 Canada_Federal_PBMM_3-1-2020_PS_6 Canada Federal PBMM 3-1-2020 PS 6 Access Agreements Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_10 Canada_Federal_PBMM_3-1-2020_SI_10 Canada Federal PBMM 3-1-2020 SI 10 Information Input Validation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_10 Canada_Federal_PBMM_3-1-2020_SI_10 Canada Federal PBMM 3-1-2020 SI 10 Information Input Validation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 SI_16 Canada_Federal_PBMM_3-1-2020_SI_16 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_16 Canada_Federal_PBMM_3-1-2020_SI_16 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 SI_16 Canada_Federal_PBMM_3-1-2020_SI_16 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CCCS AC-4 CCCS_AC-4 CCCS AC-4 Information Flow Enforcement Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CCCS CP-7 CCCS_CP-7 CCCS CP-7 Alternative Processing Site Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center CCCS SC-5 CCCS_SC-5 CCCS SC-5 Denial of Service Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CCCS SC-7(3) CCCS_SC-7(3) CCCS SC-7(3) Boundary Protection | Access Points Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CCCS SC-7(4) CCCS_SC-7(4) CCCS SC-7(4) Boundary Protection | External Telecommunications Services Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.2 CIS_Azure_1.1.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Azure_1.1.0 2.10 CIS_Azure_1.1.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.1.0 2.16 CIS_Azure_1.1.0_2.16 CIS Microsoft Azure Foundations Benchmark recommendation 2.16 Ensure that 'Security contact emails' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.1.0 2.18 CIS_Azure_1.1.0_2.18 CIS Microsoft Azure Foundations Benchmark recommendation 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CIS_Azure_1.1.0 2.19 CIS_Azure_1.1.0_2.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 2.3 CIS_Azure_1.1.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.8 CIS_Azure_1.1.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.8 CIS_Azure_1.1.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.1.0 3.7 CIS_Azure_1.1.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 4.5 CIS_Azure_1.1.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that 'Threat Detection types' is set to 'All' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 6.3 CIS_Azure_1.1.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 6.3 CIS_Azure_1.1.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.1.0 6.5 CIS_Azure_1.1.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.1.0 6.5 CIS_Azure_1.1.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.1.0 7.4 CIS_Azure_1.1.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that only approved extensions are installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 7.5 CIS_Azure_1.1.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 8.3 CIS_Azure_1.1.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that Resource Locks are set for mission critical Azure resources CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.6 CIS_Azure_1.1.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure that '.Net Framework' version is the latest, if used as a part of the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.7 CIS_Azure_1.1.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'PHP version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.8 CIS_Azure_1.1.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Python version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.9 CIS_Azure_1.1.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'Java version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.1 CIS_Azure_1.3.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.2 CIS_Azure_1.3.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.3.0 2.13 CIS_Azure_1.3.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure 'Additional email addresses' is configured with a security contact email CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.3.0 2.14 CIS_Azure_1.3.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_1.3.0 3.6 CIS_Azure_1.3.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.3.0 3.6 CIS_Azure_1.3.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.3 CIS_Azure_1.3.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.3 CIS_Azure_1.3.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.1 CIS_Azure_1.3.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostics Setting' exists CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 6.3 CIS_Azure_1.3.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 6.3 CIS_Azure_1.3.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.3.0 6.5 CIS_Azure_1.3.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.3.0 6.5 CIS_Azure_1.3.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.3.0 7.4 CIS_Azure_1.3.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that only approved extensions are installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 7.5 CIS_Azure_1.3.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 8.3 CIS_Azure_1.3.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that Resource Locks are set for mission critical Azure resources CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.6 CIS_Azure_1.3.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure that 'PHP version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.7 CIS_Azure_1.3.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.8 CIS_Azure_1.3.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.1 CIS_Azure_1.4.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.2 CIS_Azure_1.4.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.4.0 2.13 CIS_Azure_1.4.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.4.0 2.14 CIS_Azure_1.4.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.4.0 3.6 CIS_Azure_1.4.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_1.4.0 3.6 CIS_Azure_1.4.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.3 CIS_Azure_1.4.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.3 CIS_Azure_1.4.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.1 CIS_Azure_1.4.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostics Setting' exists CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 6.3 CIS_Azure_1.4.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 6.3 CIS_Azure_1.4.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.4.0 6.5 CIS_Azure_1.4.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.4.0 6.5 CIS_Azure_1.4.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.4.0 7.4 CIS_Azure_1.4.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that Only Approved Extensions Are Installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 7.5 CIS_Azure_1.4.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 8.5 CIS_Azure_1.4.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure that Resource Locks are set for Mission Critical Azure Resources CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.6 CIS_Azure_1.4.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.7 CIS_Azure_1.4.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.8 CIS_Azure_1.4.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.2 CIS_Azure_2.0.0_1.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.3 CIS_Azure_2.0.0_1.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 10.1 CIS_Azure_2.0.0_10.1 CIS Microsoft Azure Foundations Benchmark recommendation 10.1 Ensure that Resource Locks are set for Mission-Critical Azure Resources CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bdc59948-5574-49b3-bb91-76b7c986428d [Deprecated]: Azure Defender for DNS should be enabled Security Center CIS_Azure_2.0.0 2.1.11 CIS_Azure_2.0.0_2.1.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CIS_Azure_2.0.0 2.1.12 CIS_Azure_2.0.0_2.1.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.12 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Azure_2.0.0 2.1.13 CIS_Azure_2.0.0_2.1.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.13 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_2.0.0 2.1.19 CIS_Azure_2.0.0_2.1.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.19 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_2.0.0 2.1.20 CIS_Azure_2.0.0_2.1.20 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.20 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Azure_2.0.0 2.1.6 CIS_Azure_2.0.0_2.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Azure_2.0.0 2.1.9 CIS_Azure_2.0.0_2.1.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.9 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CIS_Azure_2.0.0 3.10 CIS_Azure_2.0.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Private Endpoints are used to access Storage Accounts CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CIS_Azure_2.0.0 3.2 CIS_Azure_2.0.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that ‘Enable Infrastructure Encryption’ for Each Storage Account in Azure Storage is Set to ‘enabled’ CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_2.0.0 3.8 CIS_Azure_2.0.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_2.0.0 3.8 CIS_Azure_2.0.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Azure_2.0.0 4.5.1 CIS_Azure_2.0.0_4.5.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CIS_Azure_2.0.0 4.5.2 CIS_Azure_2.0.0_4.5.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.2 Ensure That Private Endpoints Are Used Where Possible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Azure_2.0.0 4.5.3 CIS_Azure_2.0.0_4.5.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.3 Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.1 CIS_Azure_2.0.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostic Setting' exists CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_2.0.0 6.1 CIS_Azure_2.0.0_6.1 CIS Microsoft Azure Foundations Benchmark recommendation 6.1 Ensure that RDP access from the Internet is evaluated and restricted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_2.0.0 6.2 CIS_Azure_2.0.0_6.2 CIS Microsoft Azure Foundations Benchmark recommendation 6.2 Ensure that SSH access from the Internet is evaluated and restricted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_2.0.0 6.6 CIS_Azure_2.0.0_6.6 CIS Microsoft Azure Foundations Benchmark recommendation 6.6 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_2.0.0 6.6 CIS_Azure_2.0.0_6.6 CIS Microsoft Azure Foundations Benchmark recommendation 6.6 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_2.0.0 7.5 CIS_Azure_2.0.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that Only Approved Extensions Are Installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CIS_Azure_2.0.0 8.5 CIS_Azure_2.0.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure the Key Vault is Recoverable CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_2.0.0 8.5 CIS_Azure_2.0.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure the Key Vault is Recoverable CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CIS_Azure_2.0.0 8.6 CIS_Azure_2.0.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Enable Role Based Access Control for Azure Key Vault CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CIS_Azure_2.0.0 8.7 CIS_Azure_2.0.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Ensure that Private Endpoints are Used for Azure Key Vault CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CIS_Azure_2.0.0 8.8 CIS_Azure_2.0.0_8.8 CIS Microsoft Azure Foundations Benchmark recommendation 8.8 Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5bb220d9-2698-4ee4-8404-b9c30c9df609 [Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f466b2a6-823d-470d-8ea5-b031e72d79ae App Service app slots that use PHP should use a specified 'PHP version' App Service CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c014953-ef68-4a98-82af-fd0f6b2306c8 App Service app slots that use Python should use a specified 'Python version' App Service CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e1d1b522-02b0-4d18-a04f-5ab62d20445f Function app slots that use Java should use a specified 'Java version' App Service CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Azure_Foundations_v2.1.0 2.1.12 CIS_Azure_Foundations_v2.1.0_2.1.12 CIS Azure Foundations v2.1.0 2.1.12 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.18 CIS_Azure_Foundations_v2.1.0_2.1.18 CIS Azure Foundations v2.1.0 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_Foundations_v2.1.0 2.1.18 CIS_Azure_Foundations_v2.1.0_2.1.18 CIS Azure Foundations v2.1.0 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.18 CIS_Azure_Foundations_v2.1.0_2.1.18 CIS Azure Foundations v2.1.0 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.19 CIS_Azure_Foundations_v2.1.0_2.1.19 CIS Azure Foundations v2.1.0 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_Foundations_v2.1.0 2.1.19 CIS_Azure_Foundations_v2.1.0_2.1.19 CIS Azure Foundations v2.1.0 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.19 CIS_Azure_Foundations_v2.1.0_2.1.19 CIS Azure Foundations v2.1.0 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_Foundations_v2.1.0 3.1 CIS_Azure_Foundations_v2.1.0_3.1 CIS Azure Foundations v2.1.0 3.1 Ensure Private Endpoints are used to access Storage Accounts CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Azure_Foundations_v2.1.0 3.15 CIS_Azure_Foundations_v2.1.0_3.15 CIS Azure Foundations v2.1.0 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_Foundations_v2.1.0 3.7 CIS_Azure_Foundations_v2.1.0_3.7 CIS Azure Foundations v2.1.0 3.7 Ensure that 'Public Network Access' is `Disabled' for storage accounts CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_Foundations_v2.1.0 4.1.1 CIS_Azure_Foundations_v2.1.0_4.1.1 CIS Azure Foundations v2.1.0 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Azure_Foundations_v2.1.0 4.1.2 CIS_Azure_Foundations_v2.1.0_4.1.2 CIS Azure Foundations v2.1.0 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_Foundations_v2.1.0 4.1.6 CIS_Azure_Foundations_v2.1.0_4.1.6 CIS Azure Foundations v2.1.0 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_Foundations_v2.1.0 4.3.1 CIS_Azure_Foundations_v2.1.0_4.3.1 CIS Azure Foundations v2.1.0 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Azure_Foundations_v2.1.0 4.3.7 CIS_Azure_Foundations_v2.1.0_4.3.7 CIS Azure Foundations v2.1.0 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Azure_Foundations_v2.1.0 4.3.7 CIS_Azure_Foundations_v2.1.0_4.3.7 CIS Azure Foundations v2.1.0 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_Foundations_v2.1.0 4.4.1 CIS_Azure_Foundations_v2.1.0_4.4.1 CIS Azure Foundations v2.1.0 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.1 CIS_Azure_Foundations_v2.1.0_5.2.1 CIS Azure Foundations v2.1.0 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.1 CIS_Azure_Foundations_v2.1.0_5.2.1 CIS Azure Foundations v2.1.0 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.2 CIS_Azure_Foundations_v2.1.0_5.2.2 CIS Azure Foundations v2.1.0 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.3 CIS_Azure_Foundations_v2.1.0_5.2.3 CIS Azure Foundations v2.1.0 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.3 CIS_Azure_Foundations_v2.1.0_5.2.3 CIS Azure Foundations v2.1.0 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.5 CIS_Azure_Foundations_v2.1.0_5.2.5 CIS Azure Foundations v2.1.0 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.6 CIS_Azure_Foundations_v2.1.0_5.2.6 CIS Azure Foundations v2.1.0 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.7 CIS_Azure_Foundations_v2.1.0_5.2.7 CIS Azure Foundations v2.1.0 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.8 CIS_Azure_Foundations_v2.1.0_5.2.8 CIS Azure Foundations v2.1.0 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_Foundations_v2.1.0 6.1 CIS_Azure_Foundations_v2.1.0_6.1 CIS Azure Foundations v2.1.0 6.1 Ensure that RDP access from the Internet is evaluated and restricted CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_Foundations_v2.1.0 6.2 CIS_Azure_Foundations_v2.1.0_6.2 CIS Azure Foundations v2.1.0 6.2 Ensure that SSH access from the Internet is evaluated and restricted CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_Foundations_v2.1.0 7.2 CIS_Azure_Foundations_v2.1.0_7.2 CIS Azure Foundations v2.1.0 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center CIS_Azure_Foundations_v2.1.0 7.9 CIS_Azure_Foundations_v2.1.0_7.9 CIS Azure Foundations v2.1.0 7.9 Ensure Trusted Launch is enabled on Virtual Machines CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CIS_Azure_Foundations_v2.1.0 7.9 CIS_Azure_Foundations_v2.1.0_7.9 CIS Azure Foundations v2.1.0 7.9 Ensure Trusted Launch is enabled on Virtual Machines CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.1 CIS_Azure_Foundations_v2.1.0_8.1 CIS Azure Foundations v2.1.0 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.2 CIS_Azure_Foundations_v2.1.0_8.2 CIS Azure Foundations v2.1.0 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.3 CIS_Azure_Foundations_v2.1.0_8.3 CIS Azure Foundations v2.1.0 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.4 CIS_Azure_Foundations_v2.1.0_8.4 CIS Azure Foundations v2.1.0 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_Foundations_v2.1.0 9.2 CIS_Azure_Foundations_v2.1.0_9.2 CIS Azure Foundations v2.1.0 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_Foundations_v2.1.0 9.3 CIS_Azure_Foundations_v2.1.0_9.3 CIS Azure Foundations v2.1.0 9.3 Ensure Web App is using the latest version of TLS encryption CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_Foundations_v2.1.0 9.3 CIS_Azure_Foundations_v2.1.0_9.3 CIS Azure Foundations v2.1.0 9.3 Ensure Web App is using the latest version of TLS encryption CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_Foundations_v2.1.0 9.4 CIS_Azure_Foundations_v2.1.0_9.4 CIS Azure Foundations v2.1.0 9.4 Ensure that Register with Entra ID is enabled on App Service CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_Foundations_v2.1.0 9.8 CIS_Azure_Foundations_v2.1.0_9.8 CIS Azure Foundations v2.1.0 9.8 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_Foundations_v2.1.0 9.8 CIS_Azure_Foundations_v2.1.0_9.8 CIS Azure Foundations v2.1.0 9.8 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_Foundations_v2.1.0 9.9 CIS_Azure_Foundations_v2.1.0_9.9 CIS Azure Foundations v2.1.0 9.9 Ensure FTP deployments are Disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_Foundations_v2.1.0 9.9 CIS_Azure_Foundations_v2.1.0_9.9 CIS Azure Foundations v2.1.0 9.9 Ensure FTP deployments are Disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Controls_v8.1 CIS_Controls_v8.1_ 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Controls_v8.1 11.1 CIS_Controls_v8.1_11.1 CIS Controls v8.1 11.1 Establish and maintain a data recovery process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CIS_Controls_v8.1 11.1 CIS_Controls_v8.1_11.1 CIS Controls v8.1 11.1 Establish and maintain a data recovery process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 12.1 CIS_Controls_v8.1_12.1 CIS Controls v8.1 12.1 Ensure network infrastructure is up to date CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 12.2 CIS_Controls_v8.1_12.2 CIS Controls v8.1 12.2 Establish and maintain a secure network architecture CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 12.3 CIS_Controls_v8.1_12.3 CIS Controls v8.1 12.3 Securely manage network infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Centralize network authentication, authorization and auditing (AAA) CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 12.7 CIS_Controls_v8.1_12.7 CIS Controls v8.1 12.7 Ensure remote devices utilize a VPN and are connecting to an enterprise's AAA infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 12.8 CIS_Controls_v8.1_12.8 CIS Controls v8.1 12.8 Establish and maintain dedicated computing resources for all administrative work CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Controls_v8.1 13.1 CIS_Controls_v8.1_13.1 CIS Controls v8.1 13.1 Centralize security event alerting CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 13.11 CIS_Controls_v8.1_13.11 CIS Controls v8.1 13.11 Tune security event alerting thresholds CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 13.3 CIS_Controls_v8.1_13.3 CIS Controls v8.1 13.3 Deploy a network intrusion detection solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 13.4 CIS_Controls_v8.1_13.4 CIS Controls v8.1 13.4 Perform traffic filtering between network segments CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 13.7 CIS_Controls_v8.1_13.7 CIS Controls v8.1 13.7 Deploy a host-based intrusion prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CIS_Controls_v8.1 16.06 CIS_Controls_v8.1_16.06 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.06 CIS_Controls_v8.1_16.06 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.06 CIS_Controls_v8.1_16.06 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CIS_Controls_v8.1 16.1 CIS_Controls_v8.1_16.1 CIS Controls v8.1 16.1 Establish and maintain a secure application development process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.1 CIS_Controls_v8.1_16.1 CIS Controls v8.1 16.1 Establish and maintain a secure application development process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.1 CIS_Controls_v8.1_16.1 CIS Controls v8.1 16.1 Establish and maintain a secure application development process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 16.12 CIS_Controls_v8.1_16.12 CIS Controls v8.1 16.12 Implement code-level security checks CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 16.13 CIS_Controls_v8.1_16.13 CIS Controls v8.1 16.13 Conduct application penetration testing CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network CIS_Controls_v8.1 16.14 CIS_Controls_v8.1_16.14 CIS Controls v8.1 16.14 Conduct threat modeling CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance CIS_Controls_v8.1 16.14 CIS_Controls_v8.1_16.14 CIS Controls v8.1 16.14 Conduct threat modeling CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CIS_Controls_v8.1 16.14 CIS_Controls_v8.1_16.14 CIS Controls v8.1 16.14 Conduct threat modeling CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.2 CIS_Controls_v8.1_16.2 CIS Controls v8.1 16.2 Establish and maintain a process to accept and address software vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 16.3 CIS_Controls_v8.1_16.3 CIS Controls v8.1 16.3 Perform root cause analysis on security vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 16.5 CIS_Controls_v8.1_16.5 CIS Controls v8.1 16.5 Use up-to-date and trusted third-party software components CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 16.6 CIS_Controls_v8.1_16.6 CIS Controls v8.1 16.6 Establish and maintain a severity rating system and process for application vulnerabilities CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 16.7 CIS_Controls_v8.1_16.7 CIS Controls v8.1 16.7 Use standard hardening configuration templates for application infrastructure CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Controls_v8.1 17.2 CIS_Controls_v8.1_17.2 CIS Controls v8.1 17.2 Establish and maintain contact information for reporting security incidents CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Controls_v8.1 17.2 CIS_Controls_v8.1_17.2 CIS Controls v8.1 17.2 Establish and maintain contact information for reporting security incidents CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Controls_v8.1 17.2 CIS_Controls_v8.1_17.2 CIS Controls v8.1 17.2 Establish and maintain contact information for reporting security incidents CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 18.1 CIS_Controls_v8.1_18.1 CIS Controls v8.1 18.1 Establish and maintain a penetration testing program CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 18.2 CIS_Controls_v8.1_18.2 CIS Controls v8.1 18.2 Perform periodic external penetration tests CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 18.3 CIS_Controls_v8.1_18.3 CIS Controls v8.1 18.3 Remediate penetration test findings CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 18.4 CIS_Controls_v8.1_18.4 CIS Controls v8.1 18.4 Validate security measures CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 18.5 CIS_Controls_v8.1_18.5 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Controls_v8.1 2.2 CIS_Controls_v8.1_2.2 CIS Controls v8.1 2.2 Ensure authorized software is currently supported CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Controls_v8.1 2.2 CIS_Controls_v8.1_2.2 CIS Controls v8.1 2.2 Ensure authorized software is currently supported CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Controls_v8.1 3.1 CIS_Controls_v8.1_3.1 CIS Controls v8.1 3.1 Establish and maintain a data management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Controls_v8.1 3.1 CIS_Controls_v8.1_3.1 CIS Controls v8.1 3.1 Establish and maintain a data management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Controls_v8.1 3.1 CIS_Controls_v8.1_3.1 CIS Controls v8.1 3.1 Establish and maintain a data management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Controls_v8.1 3.11 CIS_Controls_v8.1_3.11 CIS Controls v8.1 3.11 Encrypt sensitive data at rest CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Controls_v8.1 3.11 CIS_Controls_v8.1_3.11 CIS Controls v8.1 3.11 Encrypt sensitive data at rest CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 3.12 CIS_Controls_v8.1_3.12 CIS Controls v8.1 3.12 Segment data processing and storage based on sensitivity CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 3.13 CIS_Controls_v8.1_3.13 CIS Controls v8.1 3.13 Deploy a data loss prevention solution CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 3.14 CIS_Controls_v8.1_3.14 CIS Controls v8.1 3.14 Log sensitive data access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 3.3 CIS_Controls_v8.1_3.3 CIS Controls v8.1 3.3 Configure data access control lists CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Establish and maintain a secure configuration process. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center CIS_Controls_v8.1 4.2 CIS_Controls_v8.1_4.2 CIS Controls v8.1 4.2 Establish and maintain a secure configuration process for network infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center CIS_Controls_v8.1 4.2 CIS_Controls_v8.1_4.2 CIS Controls v8.1 4.2 Establish and maintain a secure configuration process for network infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 4.2 CIS_Controls_v8.1_4.2 CIS Controls v8.1 4.2 Establish and maintain a secure configuration process for network infrastructure. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Controls_v8.1 4.4 CIS_Controls_v8.1_4.4 CIS Controls v8.1 4.4 Implement and manage a firewall on servers. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Controls_v8.1 4.4 CIS_Controls_v8.1_4.4 CIS Controls v8.1 4.4 Implement and manage a firewall on servers. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Controls_v8.1 4.4 CIS_Controls_v8.1_4.4 CIS Controls v8.1 4.4 Implement and manage a firewall on servers. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Controls_v8.1 4.5 CIS_Controls_v8.1_4.5 CIS Controls v8.1 4.5 Implement and manage a firewall on end-user devices. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 4.6 CIS_Controls_v8.1_4.6 CIS Controls v8.1 4.6 Securely manage enterprise assets and software. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 4.7 CIS_Controls_v8.1_4.7 CIS Controls v8.1 4.7 Manage default accounts on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes CIS_Controls_v8.1 4.8 CIS_Controls_v8.1_4.8 CIS Controls v8.1 4.8 Uninstall or disable unnecessary services on enterprise assets and software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 5.1 CIS_Controls_v8.1_5.1 CIS Controls v8.1 5.1 Establish and maintain an inventory of accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 5.3 CIS_Controls_v8.1_5.3 CIS Controls v8.1 5.3 Disable dormant accounts CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 5.4 CIS_Controls_v8.1_5.4 CIS Controls v8.1 5.4 Restrict administrator privileges to dedicated administrator accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Establish and maintain an inventory of service accounts. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Centralize account management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 6.1 CIS_Controls_v8.1_6.1 CIS Controls v8.1 6.1 Establish an access granting process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Controls_v8.1 6.2 CIS_Controls_v8.1_6.2 CIS Controls v8.1 6.2 Establish an access revoking process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CIS_Controls_v8.1 6.3 CIS_Controls_v8.1_6.3 CIS Controls v8.1 6.3 Require MFA for externally-exposed applications CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 6.4 CIS_Controls_v8.1_6.4 CIS Controls v8.1 6.4 Require MFA for remote network access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 6.5 CIS_Controls_v8.1_6.5 CIS Controls v8.1 6.5 Require MFA for administrative access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CIS_Controls_v8.1 6.5 CIS_Controls_v8.1_6.5 CIS Controls v8.1 6.5 Require MFA for administrative access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 6.5 CIS_Controls_v8.1_6.5 CIS Controls v8.1 6.5 Require MFA for administrative access CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 6.7 CIS_Controls_v8.1_6.7 CIS Controls v8.1 6.7 Centralize access control CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CIS_Controls_v8.1 6.7 CIS_Controls_v8.1_6.7 CIS Controls v8.1 6.7 Centralize access control CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 6.7 CIS_Controls_v8.1_6.7 CIS Controls v8.1 6.7 Centralize access control CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CIS_Controls_v8.1 6.8 CIS_Controls_v8.1_6.8 CIS Controls v8.1 6.8 Define and maintain role-based access control. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CIS_Controls_v8.1 7.1 CIS_Controls_v8.1_7.1 CIS Controls v8.1 7.1 Establish and maintain a vulnerability management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 7.3 CIS_Controls_v8.1_7.3 CIS Controls v8.1 7.3 Perform automated operating system patch management CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CIS_Controls_v8.1 7.6 CIS_Controls_v8.1_7.6 CIS Controls v8.1 7.6 Perform automated vulnerability scans of externally-exposed enterprise assets CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.1 CIS_Controls_v8.1_8.1 CIS Controls v8.1 8.1 Establish and maintain an audit log management process CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 8.11 CIS_Controls_v8.1_8.11 CIS Controls v8.1 8.11 Conduct audit log reviews CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.2 CIS_Controls_v8.1_8.2 CIS Controls v8.1 8.2 Collect audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.3 CIS_Controls_v8.1_8.3 CIS Controls v8.1 8.3 Ensure adequate audit log storage CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.5 CIS_Controls_v8.1_8.5 CIS Controls v8.1 8.5 Collect detailed audit logs. CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 8.6 CIS_Controls_v8.1_8.6 CIS Controls v8.1 8.6 Collect DNS query audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CIS_Controls_v8.1 8.6 CIS_Controls_v8.1_8.6 CIS Controls v8.1 8.6 Collect DNS query audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 8.6 CIS_Controls_v8.1_8.6 CIS Controls v8.1 8.6 Collect DNS query audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.7 CIS_Controls_v8.1_8.7 CIS Controls v8.1 8.7 Collect URL request audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.8 CIS_Controls_v8.1_8.8 CIS Controls v8.1 8.8 Collect command-line audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CIS_Controls_v8.1 8.9 CIS_Controls_v8.1_8.9 CIS Controls v8.1 8.9 Centralize audit logs CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 9.3 CIS_Controls_v8.1_9.3 CIS Controls v8.1 9.3 Maintain and enforce network-based URL filters CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 9.7 CIS_Controls_v8.1_9.7 CIS Controls v8.1 9.7 Deploy and maintain email server anti-malware protections CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CMMC_2.0_L2 AC.L2-3.1.4 CMMC_2.0_L2_AC.L2-3.1.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_2.0_L2 AC.L2-3.1.5 CMMC_2.0_L2_AC.L2-3.1.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_2.0_L2 AC.L2-3.1.5 CMMC_2.0_L2_AC.L2-3.1.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_2.0_L2 AC.L2-3.1.5 CMMC_2.0_L2_AC.L2-3.1.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 CM.L2-3.4.6 CMMC_2.0_L2_CM.L2-3.4.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_2.0_L2 IA.L2-3.5.4 CMMC_2.0_L2_IA.L2-3.5.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_2.0_L2 IR.L2-3.6.2 CMMC_2.0_L2_IR.L2-3.6.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_2.0_L2 IR.L2-3.6.2 CMMC_2.0_L2_IR.L2-3.6.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_2.0_L2 IR.L2-3.6.2 CMMC_2.0_L2_IR.L2-3.6.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CMMC_L2_v1.9.0 AC.L1_3.1.1 CMMC_L2_v1.9.0_AC.L1_3.1.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.1 Authorized Access Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CMMC_L2_v1.9.0 AC.L1_3.1.2 CMMC_L2_v1.9.0_AC.L1_3.1.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.2 Transaction & Function Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CMMC_L2_v1.9.0 AC.L1_3.1.2 CMMC_L2_v1.9.0_AC.L1_3.1.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.2 Transaction & Function Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CMMC_L2_v1.9.0 AC.L1_3.1.2 CMMC_L2_v1.9.0_AC.L1_3.1.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.2 Transaction & Function Control Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance CMMC_L2_v1.9.0 AC.L1_3.1.20 CMMC_L2_v1.9.0_AC.L1_3.1.20 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L1 3.1.20 External Connections Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L2_v1.9.0 AC.L2_3.1.13 CMMC_L2_v1.9.0_AC.L2_3.1.13 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.13 Remote Access Confidentiality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L2_3.1.13 CMMC_L2_v1.9.0_AC.L2_3.1.13 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.13 Remote Access Confidentiality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CMMC_L2_v1.9.0 AC.L2_3.1.13 CMMC_L2_v1.9.0_AC.L2_3.1.13 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.13 Remote Access Confidentiality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CMMC_L2_v1.9.0 AC.L2_3.1.13 CMMC_L2_v1.9.0_AC.L2_3.1.13 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.13 Remote Access Confidentiality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 AC.L2_3.1.14 CMMC_L2_v1.9.0_AC.L2_3.1.14 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.14 Remote Access Routing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 AC.L2_3.1.14 CMMC_L2_v1.9.0_AC.L2_3.1.14 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.14 Remote Access Routing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 AC.L2_3.1.14 CMMC_L2_v1.9.0_AC.L2_3.1.14 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.14 Remote Access Routing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 AC.L2_3.1.14 CMMC_L2_v1.9.0_AC.L2_3.1.14 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.14 Remote Access Routing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 AC.L2_3.1.14 CMMC_L2_v1.9.0_AC.L2_3.1.14 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.14 Remote Access Routing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 AC.L2_3.1.14 CMMC_L2_v1.9.0_AC.L2_3.1.14 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.14 Remote Access Routing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 AC.L2_3.1.15 CMMC_L2_v1.9.0_AC.L2_3.1.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.15 Privileged Remote Access Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 AC.L2_3.1.15 CMMC_L2_v1.9.0_AC.L2_3.1.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.15 Privileged Remote Access Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 AC.L2_3.1.15 CMMC_L2_v1.9.0_AC.L2_3.1.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.15 Privileged Remote Access Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 AC.L2_3.1.15 CMMC_L2_v1.9.0_AC.L2_3.1.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.15 Privileged Remote Access Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 AC.L2_3.1.15 CMMC_L2_v1.9.0_AC.L2_3.1.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.15 Privileged Remote Access Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 AC.L2_3.1.15 CMMC_L2_v1.9.0_AC.L2_3.1.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.15 Privileged Remote Access Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration CMMC_L2_v1.9.0 AC.L2_3.1.18 CMMC_L2_v1.9.0_AC.L2_3.1.18 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.18 Mobile Device Connection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Control CUI Flow Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 AC.L2_3.1.5 CMMC_L2_v1.9.0_AC.L2_3.1.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.5 Least Privilege Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 AC.L2_3.1.6 CMMC_L2_v1.9.0_AC.L2_3.1.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.6 Non Privileged Account Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 AC.L2_3.1.6 CMMC_L2_v1.9.0_AC.L2_3.1.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.6 Non Privileged Account Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L2_v1.9.0 AC.L2_3.1.6 CMMC_L2_v1.9.0_AC.L2_3.1.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.6 Non Privileged Account Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_L2_v1.9.0 AC.L2_3.1.7 CMMC_L2_v1.9.0_AC.L2_3.1.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.7 Privileged Functions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 AC.L2_3.1.7 CMMC_L2_v1.9.0_AC.L2_3.1.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.7 Privileged Functions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L2_v1.9.0 AC.L2_3.1.7 CMMC_L2_v1.9.0_AC.L2_3.1.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.7 Privileged Functions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 AC.L2_3.1.7 CMMC_L2_v1.9.0_AC.L2_3.1.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.7 Privileged Functions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L2_v1.9.0 AT.L2_3.2.3 CMMC_L2_v1.9.0_AT.L2_3.2.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AT.L2 3.2.3 Insider Threat Awareness Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_L2_v1.9.0 AT.L2_3.2.3 CMMC_L2_v1.9.0_AT.L2_3.2.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AT.L2 3.2.3 Insider Threat Awareness Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 System Auditing Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L2_v1.9.0 AU.L2_3.3.2 CMMC_L2_v1.9.0_AU.L2_3.3.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.2 User Accountability Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Event Review Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.4 CMMC_L2_v1.9.0_AU.L2_3.3.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.4 Audit Failure Alerting Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CMMC_L2_v1.9.0 AU.L2_3.3.5 CMMC_L2_v1.9.0_AU.L2_3.3.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.5 Audit Correlation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.6 CMMC_L2_v1.9.0_AU.L2_3.3.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.6 Reduction & Reporting Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CMMC_L2_v1.9.0 AU.L2_3.3.7 CMMC_L2_v1.9.0_AU.L2_3.3.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.7 Authoritative Time Source Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.8 CMMC_L2_v1.9.0_AU.L2_3.3.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.8 Audit Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.8 CMMC_L2_v1.9.0_AU.L2_3.3.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.8 Audit Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CMMC_L2_v1.9.0 AU.L2_3.3.8 CMMC_L2_v1.9.0_AU.L2_3.3.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.8 Audit Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L2_v1.9.0 AU.L2_3.3.8 CMMC_L2_v1.9.0_AU.L2_3.3.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.8 Audit Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 CA.L2_3.12.2 CMMC_L2_v1.9.0_CA.L2_3.12.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CA.L2 3.12.2 Plan of Action Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.1 CMMC_L2_v1.9.0_CM.L2_3.4.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.1 System Baselining Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L2_v1.9.0 CM.L2_3.4.2 CMMC_L2_v1.9.0_CM.L2_3.4.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.2 Security Configuration Enforcement Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L2_v1.9.0 CM.L2_3.4.3 CMMC_L2_v1.9.0_CM.L2_3.4.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.3 System Change Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 CM.L2_3.4.4 CMMC_L2_v1.9.0_CM.L2_3.4.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.4 Security Impact Analysis Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CMMC_L2_v1.9.0 CM.L2_3.4.5 CMMC_L2_v1.9.0_CM.L2_3.4.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.5 Access Restrictions for Change Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 CM.L2_3.4.5 CMMC_L2_v1.9.0_CM.L2_3.4.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.5 Access Restrictions for Change Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L2_v1.9.0 CM.L2_3.4.5 CMMC_L2_v1.9.0_CM.L2_3.4.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.5 Access Restrictions for Change Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_L2_v1.9.0 CM.L2_3.4.6 CMMC_L2_v1.9.0_CM.L2_3.4.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.6 Least Functionality Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_L2_v1.9.0 CM.L2_3.4.8 CMMC_L2_v1.9.0_CM.L2_3.4.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.8 Application Execution Policy Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.8 CMMC_L2_v1.9.0_CM.L2_3.4.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.8 Application Execution Policy Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes CMMC_L2_v1.9.0 CM.L2_3.4.8 CMMC_L2_v1.9.0_CM.L2_3.4.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.8 Application Execution Policy Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.8 CMMC_L2_v1.9.0_CM.L2_3.4.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.8 Application Execution Policy Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.8 CMMC_L2_v1.9.0_CM.L2_3.4.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.8 Application Execution Policy Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_L2_v1.9.0 CM.L2_3.4.9 CMMC_L2_v1.9.0_CM.L2_3.4.9 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 CM.L2 3.4.9 User Installed Software Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CMMC_L2_v1.9.0 IA.L2_3.5.10 CMMC_L2_v1.9.0_IA.L2_3.5.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.10 Cryptographically Protected Passwords Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_L2_v1.9.0 IA.L2_3.5.10 CMMC_L2_v1.9.0_IA.L2_3.5.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.10 Cryptographically Protected Passwords Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CMMC_L2_v1.9.0 IA.L2_3.5.3 CMMC_L2_v1.9.0_IA.L2_3.5.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.3 Multifactor Authentication Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_L2_v1.9.0 IA.L2_3.5.7 CMMC_L2_v1.9.0_IA.L2_3.5.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.7 Password Complexity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_L2_v1.9.0 IA.L2_3.5.7 CMMC_L2_v1.9.0_IA.L2_3.5.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.7 Password Complexity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 IA.L2_3.5.7 CMMC_L2_v1.9.0_IA.L2_3.5.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.7 Password Complexity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CMMC_L2_v1.9.0 IA.L2_3.5.7 CMMC_L2_v1.9.0_IA.L2_3.5.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.7 Password Complexity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL CMMC_L2_v1.9.0 IA.L2_3.5.7 CMMC_L2_v1.9.0_IA.L2_3.5.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.7 Password Complexity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_L2_v1.9.0 IA.L2_3.5.7 CMMC_L2_v1.9.0_IA.L2_3.5.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.7 Password Complexity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_L2_v1.9.0 IA.L2_3.5.9 CMMC_L2_v1.9.0_IA.L2_3.5.9 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.9 Temporary Passwords Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CMMC_L2_v1.9.0 IA.L2_3.5.9 CMMC_L2_v1.9.0_IA.L2_3.5.9 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L2 3.5.9 Temporary Passwords Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_L2_v1.9.0 IR.L2_3.6.1 CMMC_L2_v1.9.0_IR.L2_3.6.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IR.L2 3.6.1 Incident Handling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 IR.L2_3.6.1 CMMC_L2_v1.9.0_IR.L2_3.6.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IR.L2 3.6.1 Incident Handling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CMMC_L2_v1.9.0 MA.L2_3.7.5 CMMC_L2_v1.9.0_MA.L2_3.7.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MA.L2 3.7.5 Nonlocal Maintenance Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CMMC_L2_v1.9.0 MP.L1_3.8.3 CMMC_L2_v1.9.0_MP.L1_3.8.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L1 3.8.3 Media Disposal Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Portable Storage Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_L2_v1.9.0 MP.L2_3.8.9 CMMC_L2_v1.9.0_MP.L2_3.8.9 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.9 Protect Backups Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_L2_v1.9.0 MP.L2_3.8.9 CMMC_L2_v1.9.0_MP.L2_3.8.9 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.9 Protect Backups Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_L2_v1.9.0 MP.L2_3.8.9 CMMC_L2_v1.9.0_MP.L2_3.8.9 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.9 Protect Backups Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL CMMC_L2_v1.9.0 PE.L2_3.10.6 CMMC_L2_v1.9.0_PE.L2_3.10.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PE.L2 3.10.6 Alternative Work Sites Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Actions Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 RA.L2_3.11.2 CMMC_L2_v1.9.0_RA.L2_3.11.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.2 Vulnerability Scan Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L2_v1.9.0 RA.L2_3.11.3 CMMC_L2_v1.9.0_RA.L2_3.11.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 RA.L2 3.11.3 Vulnerability Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 SC.L1_3.13.1 CMMC_L2_v1.9.0_SC.L1_3.13.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.1 Boundary Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CMMC_L2_v1.9.0 SC.L1_3.13.5 CMMC_L2_v1.9.0_SC.L1_3.13.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L1 3.13.5 Public Access System Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CMMC_L2_v1.9.0 SC.L2_3.13.10 CMMC_L2_v1.9.0_SC.L2_3.13.10 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.10 Key Management Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CMMC_L2_v1.9.0 SC.L2_3.13.11 CMMC_L2_v1.9.0_SC.L2_3.13.11 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.11 CUI Encryption Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_L2_v1.9.0 SC.L2_3.13.15 CMMC_L2_v1.9.0_SC.L2_3.13.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.15 Communications Authenticity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CMMC_L2_v1.9.0 SC.L2_3.13.15 CMMC_L2_v1.9.0_SC.L2_3.13.15 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.15 Communications Authenticity Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 SC.L2_3.13.3 CMMC_L2_v1.9.0_SC.L2_3.13.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.3 Role Separation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CMMC_L2_v1.9.0 SC.L2_3.13.6 CMMC_L2_v1.9.0_SC.L2_3.13.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.6 Network Communication by Exception Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CMMC_L2_v1.9.0 SC.L2_3.13.6 CMMC_L2_v1.9.0_SC.L2_3.13.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.6 Network Communication by Exception Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L2_v1.9.0 SC.L2_3.13.6 CMMC_L2_v1.9.0_SC.L2_3.13.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.6 Network Communication by Exception Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_L2_v1.9.0 SC.L2_3.13.6 CMMC_L2_v1.9.0_SC.L2_3.13.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.6 Network Communication by Exception Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L2_v1.9.0 SC.L2_3.13.7 CMMC_L2_v1.9.0_SC.L2_3.13.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.7 Split Tunneling Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_L2_v1.9.0 SC.L2_3.13.8 CMMC_L2_v1.9.0_SC.L2_3.13.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.8 Data in Transit Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CMMC_L2_v1.9.0 SC.L2_3.13.8 CMMC_L2_v1.9.0_SC.L2_3.13.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.8 Data in Transit Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CMMC_L2_v1.9.0 SI.L1_3.14.1 CMMC_L2_v1.9.0_SI.L1_3.14.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.1 Flaw Remediation Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.2 CMMC_L2_v1.9.0_SI.L1_3.14.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2 Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.4 CMMC_L2_v1.9.0_SI.L1_3.14.4 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4 Update Malicious Code Protection Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L2_v1.9.0 SI.L1_3.14.5 CMMC_L2_v1.9.0_SI.L1_3.14.5 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5 System & File Scanning Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 SI.L2_3.14.3 CMMC_L2_v1.9.0_SI.L2_3.14.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.3 Security Alerts & Advisories Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L2_3.14.6 CMMC_L2_v1.9.0_SI.L2_3.14.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.6 Monitor Communications for Attacks Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_L2_v1.9.0 SI.L2_3.14.7 CMMC_L2_v1.9.0_SI.L2_3.14.7 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L2 3.14.7 Identify Unauthorized Use Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 (a4087154-2edb-4329-b56a-1cc986807f3c)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 AC.1.003 CMMC_L3_AC.1.003 CMMC L3 AC.1.003 Verify and control/limit connections to and use of external information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 AC.1.003 CMMC_L3_AC.1.003 CMMC L3 AC.1.003 Verify and control/limit connections to and use of external information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L3 AC.2.008 CMMC_L3_AC.2.008 CMMC L3 AC.2.008 Use non-privileged accounts or roles when accessing nonsecurity functions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L3 AC.2.008 CMMC_L3_AC.2.008 CMMC L3 AC.2.008 Use non-privileged accounts or roles when accessing nonsecurity functions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CMMC_L3 AC.3.018 CMMC_L3_AC.3.018 CMMC L3 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AC.3.018 CMMC_L3_AC.3.018 CMMC L3 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_L3 AC.3.018 CMMC_L3_AC.3.018 CMMC L3 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 AU.3.049 CMMC_L3_AU.3.049 CMMC L3 AU.3.049 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.3.049 CMMC_L3_AU.3.049 CMMC L3 AU.3.049 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 CM.2.061 CMMC_L3_CM.2.061 CMMC L3 CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CMMC_L3 CM.2.061 CMMC_L3_CM.2.061 CMMC L3 CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CMMC_L3 CM.2.062 CMMC_L3_CM.2.062 CMMC L3 CM.2.062 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 CM.2.062 CMMC_L3_CM.2.062 CMMC L3 CM.2.062 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 CM.2.063 CMMC_L3_CM.2.063 CMMC L3 CM.2.063 Control and monitor user-installed software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L3 CM.2.063 CMMC_L3_CM.2.063 CMMC L3 CM.2.063 Control and monitor user-installed software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L3 IR.2.092 CMMC_L3_IR.2.092 CMMC L3 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_L3 IR.2.092 CMMC_L3_IR.2.092 CMMC L3 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_L3 IR.2.092 CMMC_L3_IR.2.092 CMMC L3 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b5f04e03-92a3-4b09-9410-2cc5e5047656 Deploy Advanced Threat Protection for Cosmos DB Accounts Cosmos DB CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 SC.2.179 CMMC_L3_SC.2.179 CMMC L3 SC.2.179 Use encrypted sessions for the management of network devices. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 SC.3.180 CMMC_L3_SC.3.180 CMMC L3 SC.3.180 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L3 SI.1.211 CMMC_L3_SI.1.211 CMMC L3 SI.1.211 Provide protection from malicious code at appropriate locations within organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.211 CMMC_L3_SI.1.211 CMMC L3 SI.1.211 Provide protection from malicious code at appropriate locations within organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.212 CMMC_L3_SI.1.212 CMMC L3 SI.1.212 Update malicious code protection mechanisms when new releases are available. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_23 CPS_234_(APRA)_2019_23 APRA CPS 234 2019 23 Enable the entity to identify security breaches swiftly and take appropriate action to mitigate the impact, safeguarding its information assets and ensuring the continuity of operations. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_24 CPS_234_(APRA)_2019_24 APRA CPS 234 2019 24 Maintain information security response plans designed to address potential security incidents that the entity deems plausible. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_25 CPS_234_(APRA)_2019_25 APRA CPS 234 2019 25 Ensure APRA-regulated entities' information security response plans encompass managing all incident stages and facilitating escalation and reporting to relevant governing bodies. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_26 CPS_234_(APRA)_2019_26 APRA CPS 234 2019 26 Ensure ongoing effectiveness and suitability for addressing security incidents. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_27 CPS_234_(APRA)_2019_27 APRA CPS 234 2019 27 Ensure that an APRA-regulated entity systematically tests the effectiveness of its information security controls. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CPS_234_(APRA)_2019 CPS_234_(APRA)_2019_35 CPS_234_(APRA)_2019_35 APRA CPS 234 2019 35 Ensure transparency and enable APRA to take appropriate actions to mitigate potential risks and protect the interests of stakeholders. APRA CPS 234 2019 (f03d9540-4405-4365-8272-318999d1b37a)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 AIS_01 CSA_v4.0.12_AIS_01 CSA Cloud Controls Matrix v4.0.12 AIS 01 Application and Interface Security Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 AIS_02 CSA_v4.0.12_AIS_02 CSA Cloud Controls Matrix v4.0.12 AIS 02 Application Security Baseline Requirements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CSA_v4.0.12 AIS_04 CSA_v4.0.12_AIS_04 CSA Cloud Controls Matrix v4.0.12 AIS 04 Secure Application Design and Development CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CSA_v4.0.12 AIS_07 CSA_v4.0.12_AIS_07 CSA Cloud Controls Matrix v4.0.12 AIS 07 Application Vulnerability Remediation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance CSA_v4.0.12 BCR_08 CSA_v4.0.12_BCR_08 CSA Cloud Controls Matrix v4.0.12 BCR 08 Backup CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance CSA_v4.0.12 BCR_11 CSA_v4.0.12_BCR_11 CSA Cloud Controls Matrix v4.0.12 BCR 11 Equipment Redundancy CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance CSA_v4.0.12 BCR_11 CSA_v4.0.12_BCR_11 CSA Cloud Controls Matrix v4.0.12 BCR 11 Equipment Redundancy CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CSA_v4.0.12 BCR_11 CSA_v4.0.12_BCR_11 CSA Cloud Controls Matrix v4.0.12 BCR 11 Equipment Redundancy CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CSA_v4.0.12 CCC_02 CSA_v4.0.12_CCC_02 CSA Cloud Controls Matrix v4.0.12 CCC 02 Quality Testing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CCC_03 CSA_v4.0.12_CCC_03 CSA Cloud Controls Matrix v4.0.12 CCC 03 Change Management Technology CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 CCC_04 CSA_v4.0.12_CCC_04 CSA Cloud Controls Matrix v4.0.12 CCC 04 Unauthorized Change Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_05 CSA_v4.0.12_CCC_05 CSA Cloud Controls Matrix v4.0.12 CCC 05 Change Agreements CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CCC_06 CSA_v4.0.12_CCC_06 CSA Cloud Controls Matrix v4.0.12 CCC 06 Change Management Baseline CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 CCC_07 CSA_v4.0.12_CCC_07 CSA Cloud Controls Matrix v4.0.12 CCC 07 Detection of Baseline Deviation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_08 CSA_v4.0.12_CCC_08 CSA Cloud Controls Matrix v4.0.12 CCC 08 Exception Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 CCC_09 CSA_v4.0.12_CCC_09 CSA Cloud Controls Matrix v4.0.12 CCC 09 Change Restoration CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_01 CSA_v4.0.12_CEK_01 CSA Cloud Controls Matrix v4.0.12 CEK 01 Encryption and Key Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_02 CSA_v4.0.12_CEK_02 CSA Cloud Controls Matrix v4.0.12 CEK 02 CEK Roles and Responsibilities CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Data Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_04 CSA_v4.0.12_CEK_04 CSA Cloud Controls Matrix v4.0.12 CEK 04 Encryption Algorithm CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_05 CSA_v4.0.12_CEK_05 CSA Cloud Controls Matrix v4.0.12 CEK 05 Encryption Change Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_06 CSA_v4.0.12_CEK_06 CSA Cloud Controls Matrix v4.0.12 CEK 06 Encryption Change Cost Benefit Analysis CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 CEK_07 CSA_v4.0.12_CEK_07 CSA Cloud Controls Matrix v4.0.12 CEK 07 Encryption Risk Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_08 CSA_v4.0.12_CEK_08 CSA Cloud Controls Matrix v4.0.12 CEK 08 CSC Key Management Capability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CSA_v4.0.12 CEK_08 CSA_v4.0.12_CEK_08 CSA Cloud Controls Matrix v4.0.12 CEK 08 CSC Key Management Capability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CSA_v4.0.12 CEK_08 CSA_v4.0.12_CEK_08 CSA Cloud Controls Matrix v4.0.12 CEK 08 CSC Key Management Capability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CSA_v4.0.12 CEK_08 CSA_v4.0.12_CEK_08 CSA Cloud Controls Matrix v4.0.12 CEK 08 CSC Key Management Capability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_08 CSA_v4.0.12_CEK_08 CSA Cloud Controls Matrix v4.0.12 CEK 08 CSC Key Management Capability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CSA_v4.0.12 CEK_08 CSA_v4.0.12_CEK_08 CSA Cloud Controls Matrix v4.0.12 CEK 08 CSC Key Management Capability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_10 CSA_v4.0.12_CEK_10 CSA Cloud Controls Matrix v4.0.12 CEK 10 Key Generation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_11 CSA_v4.0.12_CEK_11 CSA Cloud Controls Matrix v4.0.12 CEK 11 Key Purpose CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_12 CSA_v4.0.12_CEK_12 CSA Cloud Controls Matrix v4.0.12 CEK 12 Key Rotation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_13 CSA_v4.0.12_CEK_13 CSA Cloud Controls Matrix v4.0.12 CEK 13 Key Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_14 CSA_v4.0.12_CEK_14 CSA Cloud Controls Matrix v4.0.12 CEK 14 Key Destruction CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_15 CSA_v4.0.12_CEK_15 CSA Cloud Controls Matrix v4.0.12 CEK 15 Key Activation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 CEK_16 CSA_v4.0.12_CEK_16 CSA Cloud Controls Matrix v4.0.12 CEK 16 Key Suspension CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_17 CSA_v4.0.12_CEK_17 CSA Cloud Controls Matrix v4.0.12 CEK 17 Key Deactivation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_18 CSA_v4.0.12_CEK_18 CSA Cloud Controls Matrix v4.0.12 CEK 18 Key Archival CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_19 CSA_v4.0.12_CEK_19 CSA Cloud Controls Matrix v4.0.12 CEK 19 Key Compromise CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_20 CSA_v4.0.12_CEK_20 CSA Cloud Controls Matrix v4.0.12 CEK 20 Key Recovery CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration CSA_v4.0.12 CEK_21 CSA_v4.0.12_CEK_21 CSA Cloud Controls Matrix v4.0.12 CEK 21 Key Inventory Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CSA_v4.0.12 DCS_02 CSA_v4.0.12_DCS_02 CSA Cloud Controls Matrix v4.0.12 DCS 02 Off-Site Transfer Authorization Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 DCS_05 CSA_v4.0.12_DCS_05 CSA Cloud Controls Matrix v4.0.12 DCS 05 Assets Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 DCS_05 CSA_v4.0.12_DCS_05 CSA Cloud Controls Matrix v4.0.12 DCS 05 Assets Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 DCS_05 CSA_v4.0.12_DCS_05 CSA Cloud Controls Matrix v4.0.12 DCS 05 Assets Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 DCS_05 CSA_v4.0.12_DCS_05 CSA Cloud Controls Matrix v4.0.12 DCS 05 Assets Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 DCS_05 CSA_v4.0.12_DCS_05 CSA Cloud Controls Matrix v4.0.12 DCS 05 Assets Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 DCS_06 CSA_v4.0.12_DCS_06 CSA Cloud Controls Matrix v4.0.12 DCS 06 Assets Cataloguing and Tracking CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 DCS_06 CSA_v4.0.12_DCS_06 CSA Cloud Controls Matrix v4.0.12 DCS 06 Assets Cataloguing and Tracking CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 DCS_06 CSA_v4.0.12_DCS_06 CSA Cloud Controls Matrix v4.0.12 DCS 06 Assets Cataloguing and Tracking CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration CSA_v4.0.12 DCS_06 CSA_v4.0.12_DCS_06 CSA Cloud Controls Matrix v4.0.12 DCS 06 Assets Cataloguing and Tracking CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 DCS_06 CSA_v4.0.12_DCS_06 CSA Cloud Controls Matrix v4.0.12 DCS 06 Assets Cataloguing and Tracking CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 DCS_06 CSA_v4.0.12_DCS_06 CSA Cloud Controls Matrix v4.0.12 DCS 06 Assets Cataloguing and Tracking CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 DCS_08 CSA_v4.0.12_DCS_08 CSA Cloud Controls Matrix v4.0.12 DCS 08 Equipment Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 DSP_03 CSA_v4.0.12_DSP_03 CSA Cloud Controls Matrix v4.0.12 DSP 03 Data Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 DSP_04 CSA_v4.0.12_DSP_04 CSA Cloud Controls Matrix v4.0.12 DSP 04 Data Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 DSP_04 CSA_v4.0.12_DSP_04 CSA Cloud Controls Matrix v4.0.12 DSP 04 Data Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 DSP_04 CSA_v4.0.12_DSP_04 CSA Cloud Controls Matrix v4.0.12 DSP 04 Data Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CSA_v4.0.12 DSP_04 CSA_v4.0.12_DSP_04 CSA Cloud Controls Matrix v4.0.12 DSP 04 Data Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 DSP_04 CSA_v4.0.12_DSP_04 CSA Cloud Controls Matrix v4.0.12 DSP 04 Data Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 DSP_04 CSA_v4.0.12_DSP_04 CSA Cloud Controls Matrix v4.0.12 DSP 04 Data Classification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CSA_v4.0.12 DSP_05 CSA_v4.0.12_DSP_05 CSA Cloud Controls Matrix v4.0.12 DSP 05 Data Flow Documentation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 DSP_07 CSA_v4.0.12_DSP_07 CSA Cloud Controls Matrix v4.0.12 DSP 07 Data Protection by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 DSP_08 CSA_v4.0.12_DSP_08 CSA Cloud Controls Matrix v4.0.12 DSP 08 Data Privacy by Design and Default CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CSA_v4.0.12 DSP_10 CSA_v4.0.12_DSP_10 CSA Cloud Controls Matrix v4.0.12 DSP 10 Sensitive Data Transfer CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center CSA_v4.0.12 DSP_12 CSA_v4.0.12_DSP_12 CSA Cloud Controls Matrix v4.0.12 DSP 12 Limitation of Purpose in Personal Data Processing CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CSA_v4.0.12 DSP_16 CSA_v4.0.12_DSP_16 CSA Cloud Controls Matrix v4.0.12 DSP 16 Data Retention and Deletion CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 DSP_17 CSA_v4.0.12_DSP_17 CSA Cloud Controls Matrix v4.0.12 DSP 17 Sensitive Data Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CSA_v4.0.12 GRC_04 CSA_v4.0.12_GRC_04 CSA Cloud Controls Matrix v4.0.12 GRC 04 Policy Exception Process CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 HRS_04 CSA_v4.0.12_HRS_04 CSA Cloud Controls Matrix v4.0.12 HRS 04 Remote and Home Working Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 HRS_06 CSA_v4.0.12_HRS_06 CSA Cloud Controls Matrix v4.0.12 HRS 06 Employment Termination CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_01 CSA_v4.0.12_IAM_01 CSA Cloud Controls Matrix v4.0.12 IAM 01 Identity and Access Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_02 CSA_v4.0.12_IAM_02 CSA Cloud Controls Matrix v4.0.12 IAM 02 Strong Password Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CSA_v4.0.12 IAM_03 CSA_v4.0.12_IAM_03 CSA Cloud Controls Matrix v4.0.12 IAM 03 Identity Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_04 CSA_v4.0.12_IAM_04 CSA Cloud Controls Matrix v4.0.12 IAM 04 Separation of Duties CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 IAM_05 CSA_v4.0.12_IAM_05 CSA Cloud Controls Matrix v4.0.12 IAM 05 Least Privilege CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_06 CSA_v4.0.12_IAM_06 CSA Cloud Controls Matrix v4.0.12 IAM 06 User Access Provisioning CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CSA_v4.0.12 IAM_07 CSA_v4.0.12_IAM_07 CSA Cloud Controls Matrix v4.0.12 IAM 07 User Access Changes and Revocation CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CSA_v4.0.12 IAM_08 CSA_v4.0.12_IAM_08 CSA Cloud Controls Matrix v4.0.12 IAM 08 User Access Review CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 IAM_09 CSA_v4.0.12_IAM_09 CSA Cloud Controls Matrix v4.0.12 IAM 09 Segregation of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_10 CSA_v4.0.12_IAM_10 CSA Cloud Controls Matrix v4.0.12 IAM 10 Management of Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CSA_v4.0.12 IAM_11 CSA_v4.0.12_IAM_11 CSA Cloud Controls Matrix v4.0.12 IAM 11 CSCs Approval for Agreed Privileged Access Roles CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Safeguard Logs Integrity CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_13 CSA_v4.0.12_IAM_13 CSA Cloud Controls Matrix v4.0.12 IAM 13 Uniquely Identifiable Users CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_14 CSA_v4.0.12_IAM_14 CSA Cloud Controls Matrix v4.0.12 IAM 14 Strong Authentication CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_15 CSA_v4.0.12_IAM_15 CSA Cloud Controls Matrix v4.0.12 IAM 15 Passwords Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CSA_v4.0.12 IAM_16 CSA_v4.0.12_IAM_16 CSA Cloud Controls Matrix v4.0.12 IAM 16 Authorization Mechanisms CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CSA_v4.0.12 IVS_03 CSA_v4.0.12_IVS_03 CSA Cloud Controls Matrix v4.0.12 IVS 03 Network Security CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 IVS_04 CSA_v4.0.12_IVS_04 CSA Cloud Controls Matrix v4.0.12 IVS 04 OS Hardening and Base Controls CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CSA_v4.0.12 IVS_04 CSA_v4.0.12_IVS_04 CSA Cloud Controls Matrix v4.0.12 IVS 04 OS Hardening and Base Controls CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center CSA_v4.0.12 IVS_04 CSA_v4.0.12_IVS_04 CSA Cloud Controls Matrix v4.0.12 IVS 04 OS Hardening and Base Controls CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center CSA_v4.0.12 IVS_07 CSA_v4.0.12_IVS_07 CSA Cloud Controls Matrix v4.0.12 IVS 07 Migration to Cloud Environments CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CSA_v4.0.12 LOG_02 CSA_v4.0.12_LOG_02 CSA Cloud Controls Matrix v4.0.12 LOG 02 Audit Logs Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CSA_v4.0.12 LOG_03 CSA_v4.0.12_LOG_03 CSA Cloud Controls Matrix v4.0.12 LOG 03 Security Monitoring and Alerting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CSA_v4.0.12 LOG_03 CSA_v4.0.12_LOG_03 CSA Cloud Controls Matrix v4.0.12 LOG 03 Security Monitoring and Alerting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 LOG_04 CSA_v4.0.12_LOG_04 CSA Cloud Controls Matrix v4.0.12 LOG 04 Audit Logs Access and Accountability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 LOG_04 CSA_v4.0.12_LOG_04 CSA Cloud Controls Matrix v4.0.12 LOG 04 Audit Logs Access and Accountability CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CSA_v4.0.12 LOG_05 CSA_v4.0.12_LOG_05 CSA Cloud Controls Matrix v4.0.12 LOG 05 Audit Logs Monitoring and Response CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CSA_v4.0.12 LOG_07 CSA_v4.0.12_LOG_07 CSA Cloud Controls Matrix v4.0.12 LOG 07 Logging Scope CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 LOG_08 CSA_v4.0.12_LOG_08 CSA Cloud Controls Matrix v4.0.12 LOG 08 Log Records CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 LOG_09 CSA_v4.0.12_LOG_09 CSA Cloud Controls Matrix v4.0.12 LOG 09 Log Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CSA_v4.0.12 LOG_09 CSA_v4.0.12_LOG_09 CSA Cloud Controls Matrix v4.0.12 LOG 09 Log Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CSA_v4.0.12 LOG_09 CSA_v4.0.12_LOG_09 CSA Cloud Controls Matrix v4.0.12 LOG 09 Log Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CSA_v4.0.12 LOG_09 CSA_v4.0.12_LOG_09 CSA Cloud Controls Matrix v4.0.12 LOG 09 Log Protection CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CSA_v4.0.12 LOG_10 CSA_v4.0.12_LOG_10 CSA Cloud Controls Matrix v4.0.12 LOG 10 Encryption Monitoring and Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 LOG_11 CSA_v4.0.12_LOG_11 CSA Cloud Controls Matrix v4.0.12 LOG 11 Transaction/Activity Logging CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 LOG_13 CSA_v4.0.12_LOG_13 CSA Cloud Controls Matrix v4.0.12 LOG 13 Failures and Anomalies Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CSA_v4.0.12 LOG_13 CSA_v4.0.12_LOG_13 CSA Cloud Controls Matrix v4.0.12 LOG 13 Failures and Anomalies Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CSA_v4.0.12 STA_12 CSA_v4.0.12_STA_12 CSA Cloud Controls Matrix v4.0.12 STA 12 Supply Chain Service Agreement Compliance CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CSA_v4.0.12 STA_12 CSA_v4.0.12_STA_12 CSA Cloud Controls Matrix v4.0.12 STA 12 Supply Chain Service Agreement Compliance CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 TVM_01 CSA_v4.0.12_TVM_01 CSA Cloud Controls Matrix v4.0.12 TVM 01 Threat and Vulnerability Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CSA_v4.0.12 TVM_01 CSA_v4.0.12_TVM_01 CSA Cloud Controls Matrix v4.0.12 TVM 01 Threat and Vulnerability Management Policy and Procedures CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring CSA_v4.0.12 TVM_04 CSA_v4.0.12_TVM_04 CSA Cloud Controls Matrix v4.0.12 TVM 04 Detection Updates CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center CSA_v4.0.12 TVM_07 CSA_v4.0.12_TVM_07 CSA Cloud Controls Matrix v4.0.12 TVM 07 Vulnerability Identification CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CSA_v4.0.12 TVM_08 CSA_v4.0.12_TVM_08 CSA Cloud Controls Matrix v4.0.12 TVM 08 Vulnerability Prioritization CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CSA_v4.0.12 TVM_09 CSA_v4.0.12_TVM_09 CSA Cloud Controls Matrix v4.0.12 TVM 09 Vulnerability Management Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CSA_v4.0.12 TVM_09 CSA_v4.0.12_TVM_09 CSA Cloud Controls Matrix v4.0.12 TVM 09 Vulnerability Management Reporting CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CSA_v4.0.12 UEM_02 CSA_v4.0.12_UEM_02 CSA Cloud Controls Matrix v4.0.12 UEM 02 Application and Service Approval CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CSA_v4.0.12 UEM_03 CSA_v4.0.12_UEM_03 CSA Cloud Controls Matrix v4.0.12 UEM 03 Compatibility CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 UEM_04 CSA_v4.0.12_UEM_04 CSA Cloud Controls Matrix v4.0.12 UEM 04 Endpoint Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 UEM_04 CSA_v4.0.12_UEM_04 CSA Cloud Controls Matrix v4.0.12 UEM 04 Endpoint Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 UEM_04 CSA_v4.0.12_UEM_04 CSA Cloud Controls Matrix v4.0.12 UEM 04 Endpoint Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 UEM_04 CSA_v4.0.12_UEM_04 CSA Cloud Controls Matrix v4.0.12 UEM 04 Endpoint Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 UEM_04 CSA_v4.0.12_UEM_04 CSA Cloud Controls Matrix v4.0.12 UEM 04 Endpoint Inventory CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network CSA_v4.0.12 UEM_05 CSA_v4.0.12_UEM_05 CSA Cloud Controls Matrix v4.0.12 UEM 05 Endpoint Management CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 UEM_07 CSA_v4.0.12_UEM_07 CSA Cloud Controls Matrix v4.0.12 UEM 07 Operating Systems CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 UEM_07 CSA_v4.0.12_UEM_07 CSA Cloud Controls Matrix v4.0.12 UEM 07 Operating Systems CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 UEM_07 CSA_v4.0.12_UEM_07 CSA Cloud Controls Matrix v4.0.12 UEM 07 Operating Systems CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 UEM_07 CSA_v4.0.12_UEM_07 CSA Cloud Controls Matrix v4.0.12 UEM 07 Operating Systems CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 UEM_07 CSA_v4.0.12_UEM_07 CSA Cloud Controls Matrix v4.0.12 UEM 07 Operating Systems CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Storage Encryption CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CSA_v4.0.12 UEM_12 CSA_v4.0.12_UEM_12 CSA Cloud Controls Matrix v4.0.12 UEM 12 Remote Locate CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 UEM_12 CSA_v4.0.12_UEM_12 CSA Cloud Controls Matrix v4.0.12 UEM 12 Remote Locate CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CSA_v4.0.12 UEM_12 CSA_v4.0.12_UEM_12 CSA Cloud Controls Matrix v4.0.12 UEM 12 Remote Locate CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring CSA_v4.0.12 UEM_12 CSA_v4.0.12_UEM_12 CSA Cloud Controls Matrix v4.0.12 UEM 12 Remote Locate CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CSA_v4.0.12 UEM_12 CSA_v4.0.12_UEM_12 CSA Cloud Controls Matrix v4.0.12 UEM 12 Remote Locate CSA CSA Cloud Controls Matrix v4.0.12 (8791506a-dec4-497a-a83f-3abfde37c400)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Cyber_Essentials_v3.1 Cyber_Essentials_v3.1_ 404 not found Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Cyber_Essentials_v3.1 1 Cyber_Essentials_v3.1_1 Cyber Essentials v3.1 1 Firewalls Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Cyber_Essentials_v3.1 2 Cyber_Essentials_v3.1_2 Cyber Essentials v3.1 2 Secure Configuration Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Cyber_Essentials_v3.1 3 Cyber_Essentials_v3.1_3 Cyber Essentials v3.1 3 Security Update Management Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Cyber_Essentials_v3.1 4 Cyber_Essentials_v3.1_4 Cyber Essentials v3.1 4 User Access Control Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Cyber_Essentials_v3.1 5 Cyber_Essentials_v3.1_5 Cyber Essentials v3.1 5 Malware protection Cyber Essentials v3.1 (b2f588d7-1ed5-47c7-977d-b93dff520c4c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_10 EU_2555_(NIS2)_2022_10 EU 2022/2555 (NIS2) 2022 10 Computer security incident response teams (CSIRTs) EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_10 EU_2555_(NIS2)_2022_10 EU 2022/2555 (NIS2) 2022 10 Computer security incident response teams (CSIRTs) EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_10 EU_2555_(NIS2)_2022_10 EU 2022/2555 (NIS2) 2022 10 Computer security incident response teams (CSIRTs) EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_11 EU_2555_(NIS2)_2022_11 EU 2022/2555 (NIS2) 2022 11 Requirements, technical capabilities and tasks of CSIRTs EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_12 EU_2555_(NIS2)_2022_12 EU 2022/2555 (NIS2) 2022 12 Coordinated vulnerability disclosure and a European vulnerability database EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_13 EU_2555_(NIS2)_2022_13 EU 2022/2555 (NIS2) 2022 13 Cooperation at national level EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_13 EU_2555_(NIS2)_2022_13 EU 2022/2555 (NIS2) 2022 13 Cooperation at national level EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_13 EU_2555_(NIS2)_2022_13 EU 2022/2555 (NIS2) 2022 13 Cooperation at national level EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_23 EU_2555_(NIS2)_2022_23 EU 2022/2555 (NIS2) 2022 23 Reporting obligations EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_23 EU_2555_(NIS2)_2022_23 EU 2022/2555 (NIS2) 2022 23 Reporting obligations EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_23 EU_2555_(NIS2)_2022_23 EU 2022/2555 (NIS2) 2022 23 Reporting obligations EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_29 EU_2555_(NIS2)_2022_29 EU 2022/2555 (NIS2) 2022 29 Cybersecurity information-sharing arrangements EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_7 EU_2555_(NIS2)_2022_7 EU 2022/2555 (NIS2) 2022 7 National cybersecurity strategy EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_9 EU_2555_(NIS2)_2022_9 EU 2022/2555 (NIS2) 2022 9 National cyber crisis management frameworks EU 2022/2555 (NIS2) 2022 (42346945-b531-41d8-9e46-f95057672e88)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Responsibility of the controller EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Data protection by design and by default EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Processor EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Security of processing EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_GDPR_2016_679_Art. 33 EU_GDPR_2016_679_Art._33 EU General Data Protection Regulation (GDPR) 2016/679 Art. 33 Notification of a personal data breach to the supervisory authority EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_GDPR_2016_679_Art. 33 EU_GDPR_2016_679_Art._33 EU General Data Protection Regulation (GDPR) 2016/679 Art. 33 Notification of a personal data breach to the supervisory authority EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center EU_GDPR_2016_679_Art. 34 EU_GDPR_2016_679_Art._34 EU General Data Protection Regulation (GDPR) 2016/679 Art. 34 Communication of a personal data breach to the data subject EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center EU_GDPR_2016_679_Art. 34 EU_GDPR_2016_679_Art._34 EU General Data Protection Regulation (GDPR) 2016/679 Art. 34 Communication of a personal data breach to the data subject EU General Data Protection Regulation (GDPR) 2016/679 (7326812a-86a4-40c8-af7c-8945de9c4913)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Systems And Communications Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .11 FBI_Criminal_Justice_Information_Services_v5.9.5_5.11 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11 Policy Area 11: Formal Audits FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .3 FBI_Criminal_Justice_Information_Services_v5.9.5_5.3 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .3 FBI_Criminal_Justice_Information_Services_v5.9.5_5.3 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .3 FBI_Criminal_Justice_Information_Services_v5.9.5_5.3 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .5 FBI_Criminal_Justice_Information_Services_v5.9.5_5.5 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.5 Access Control FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .6 FBI_Criminal_Justice_Information_Services_v5.9.5_5.6 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.6 Identification And Authentication FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration FBI_Criminal_Justice_Information_Services_v5.9.5_5 .7 FBI_Criminal_Justice_Information_Services_v5.9.5_5.7 404 not found FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault FBI_Criminal_Justice_Information_Services_v5.9.5_5 .8 FBI_Criminal_Justice_Information_Services_v5.9.5_5.8 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.8 Media Protection FBI Criminal Justice Information Services (CJIS) v5.9.5 (4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance FedRAMP_High_R4 AC-10 FedRAMP_High_R4_AC-10 FedRAMP High AC-10 Concurrent Session Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance FedRAMP_High_R4 AC-12 FedRAMP_High_R4_AC-12 FedRAMP High AC-12 Session Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability Regulatory Compliance FedRAMP_High_R4 AC-12(1) FedRAMP_High_R4_AC-12(1) FedRAMP High AC-12 (1) User-Initiated Logouts / Message Displays FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message Regulatory Compliance FedRAMP_High_R4 AC-12(1) FedRAMP_High_R4_AC-12(1) FedRAMP High AC-12 (1) User-Initiated Logouts / Message Displays FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance FedRAMP_High_R4 AC-14 FedRAMP_High_R4_AC-14 FedRAMP High AC-14 Permitted Actions Without Identification Or Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance FedRAMP_High_R4 AC-17(2) FedRAMP_High_R4_AC-17(2) FedRAMP High AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 AC-17(2) FedRAMP_High_R4_AC-17(2) FedRAMP High AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_High_R4 AC-17(3) FedRAMP_High_R4_AC-17(3) FedRAMP High AC-17 (3) Managed Access Control Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance FedRAMP_High_R4 AC-17(9) FedRAMP_High_R4_AC-17(9) FedRAMP High AC-17 (9) Disconnect / Disable Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_High_R4 AC-18 FedRAMP_High_R4_AC-18 FedRAMP High AC-18 Wireless Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_High_R4 AC-18 FedRAMP_High_R4_AC-18 FedRAMP High AC-18 Wireless Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_High_R4 AC-18(1) FedRAMP_High_R4_AC-18(1) FedRAMP High AC-18 (1) Authentication And Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_High_R4 AC-18(1) FedRAMP_High_R4_AC-18(1) FedRAMP High AC-18 (1) Authentication And Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_High_R4 AC-18(1) FedRAMP_High_R4_AC-18(1) FedRAMP High AC-18 (1) Authentication And Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_High_R4 AC-19 FedRAMP_High_R4_AC-19 FedRAMP High AC-19 Access Control For Mobile Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 AC-19(5) FedRAMP_High_R4_AC-19(5) FedRAMP High AC-19 (5) Full Device / Container-Based Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_High_R4 AC-19(5) FedRAMP_High_R4_AC-19(5) FedRAMP High AC-19 (5) Full Device / Container-Based Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance FedRAMP_High_R4 AC-2(10) FedRAMP_High_R4_AC-2(10) FedRAMP High AC-2 (10) Shared / Group Account Credential Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance FedRAMP_High_R4 AC-2(11) FedRAMP_High_R4_AC-2(11) FedRAMP High AC-2 (11) Usage Conditions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance FedRAMP_High_R4 AC-2(13) FedRAMP_High_R4_AC-2(13) FedRAMP High AC-2 (13) Disable Accounts For High-Risk Individuals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_High_R4 AC-2(3) FedRAMP_High_R4_AC-2(3) FedRAMP High AC-2 (3) Disable Inactive Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_High_R4 AC-2(3) FedRAMP_High_R4_AC-2(3) FedRAMP High AC-2 (3) Disable Inactive Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance FedRAMP_High_R4 AC-2(5) FedRAMP_High_R4_AC-2(5) FedRAMP High AC-2 (5) Inactivity Logout FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_High_R4 AC-2(9) FedRAMP_High_R4_AC-2(9) FedRAMP High AC-2 (9) Restrictions On Use Of Shared Groups / Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance FedRAMP_High_R4 AC-20 FedRAMP_High_R4_AC-20 FedRAMP High AC-20 Use Of External Information Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance FedRAMP_High_R4 AC-20 FedRAMP_High_R4_AC-20 FedRAMP High AC-20 Use Of External Information Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance FedRAMP_High_R4 AC-20(1) FedRAMP_High_R4_AC-20(1) FedRAMP High AC-20 (1) Limits On Authorized Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 AC-20(2) FedRAMP_High_R4_AC-20(2) FedRAMP High AC-20 (2) Portable Storage Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 AC-20(2) FedRAMP_High_R4_AC-20(2) FedRAMP High AC-20 (2) Portable Storage Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_High_R4 AC-20(2) FedRAMP_High_R4_AC-20(2) FedRAMP High AC-20 (2) Portable Storage Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance FedRAMP_High_R4 AC-21 FedRAMP_High_R4_AC-21 FedRAMP High AC-21 Information Sharing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance FedRAMP_High_R4 AC-21 FedRAMP_High_R4_AC-21 FedRAMP High AC-21 Information Sharing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance FedRAMP_High_R4 AC-4(8) FedRAMP_High_R4_AC-4(8) FedRAMP High AC-4 (8) Security Policy Filters FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_High_R4 AC-6(1) FedRAMP_High_R4_AC-6(1) FedRAMP High AC-6 (1) Authorize Access To Security Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_High_R4 AC-6(1) FedRAMP_High_R4_AC-6(1) FedRAMP High AC-6 (1) Authorize Access To Security Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_High_R4 AC-6(1) FedRAMP_High_R4_AC-6(1) FedRAMP High AC-6 (1) Authorize Access To Security Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-6(5) FedRAMP_High_R4_AC-6(5) FedRAMP High AC-6 (5) Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance FedRAMP_High_R4 AC-6(8) FedRAMP_High_R4_AC-6(8) FedRAMP High AC-6 (8) Privilege Levels For Code Execution FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance FedRAMP_High_R4 AC-7 FedRAMP_High_R4_AC-7 FedRAMP High AC-7 Unsuccessful Logon Attempts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_High_R4 AT-1 FedRAMP_High_R4_AT-1 FedRAMP High AT-1 Security Awareness And Training Policy Andprocedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_High_R4 AT-1 FedRAMP_High_R4_AT-1 FedRAMP High AT-1 Security Awareness And Training Policy Andprocedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance FedRAMP_High_R4 AT-2 FedRAMP_High_R4_AT-2 FedRAMP High AT-2 Security Awareness Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance FedRAMP_High_R4 AT-2 FedRAMP_High_R4_AT-2 FedRAMP High AT-2 Security Awareness Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance FedRAMP_High_R4 AT-2 FedRAMP_High_R4_AT-2 FedRAMP High AT-2 Security Awareness Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance FedRAMP_High_R4 AT-2(2) FedRAMP_High_R4_AT-2(2) FedRAMP High AT-2 (2) Insider Threat FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance FedRAMP_High_R4 AT-3 FedRAMP_High_R4_AT-3 FedRAMP High AT-3 Role-Based Security Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance FedRAMP_High_R4 AT-3 FedRAMP_High_R4_AT-3 FedRAMP High AT-3 Role-Based Security Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance FedRAMP_High_R4 AT-3 FedRAMP_High_R4_AT-3 FedRAMP High AT-3 Role-Based Security Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance FedRAMP_High_R4 AT-3(3) FedRAMP_High_R4_AT-3(3) FedRAMP High AT-3 (3) Practical Exercises FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance FedRAMP_High_R4 AT-3(4) FedRAMP_High_R4_AT-3(4) FedRAMP High AT-3 (4) Suspicious Communications And Anomalous System Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance FedRAMP_High_R4 AT-4 FedRAMP_High_R4_AT-4 FedRAMP High AT-4 Security Training Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance FedRAMP_High_R4 AT-4 FedRAMP_High_R4_AT-4 FedRAMP High AT-4 Security Training Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_High_R4 AT-4 FedRAMP_High_R4_AT-4 FedRAMP High AT-4 Security Training Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance FedRAMP_High_R4 AU-10 FedRAMP_High_R4_AU-10 FedRAMP High AU-10 Non-Repudiation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources Regulatory Compliance FedRAMP_High_R4 AU-12(3) FedRAMP_High_R4_AU-12(3) FedRAMP High AU-12 (3) Changes By Authorized Individuals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 AU-2 FedRAMP_High_R4_AU-2 FedRAMP High AU-2 Audit Events FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance FedRAMP_High_R4 AU-2(3) FedRAMP_High_R4_AU-2(3) FedRAMP High AU-2 (3) Reviews And Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 AU-3 FedRAMP_High_R4_AU-3 FedRAMP High AU-3 Content Of Audit Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance FedRAMP_High_R4 AU-3(1) FedRAMP_High_R4_AU-3(1) FedRAMP High AU-3 (1) Additional Audit Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_High_R4 AU-4 FedRAMP_High_R4_AU-4 FedRAMP High AU-4 Audit Storage Capacity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_High_R4 AU-5 FedRAMP_High_R4_AU-5 FedRAMP High AU-5 Response To Audit Processing Failures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance FedRAMP_High_R4 AU-5(2) FedRAMP_High_R4_AU-5(2) FedRAMP High AU-5 (2) Real-Time Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 AU-6(10) FedRAMP_High_R4_AU-6(10) FedRAMP High AU-6 (10) Audit Level Adjustment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 AU-6(3) FedRAMP_High_R4_AU-6(3) FedRAMP High AU-6 (3) Correlate Audit Repositories FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 AU-6(3) FedRAMP_High_R4_AU-6(3) FedRAMP High AU-6 (3) Correlate Audit Repositories FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance FedRAMP_High_R4 AU-6(7) FedRAMP_High_R4_AU-6(7) FedRAMP High AU-6 (7) Permitted Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance FedRAMP_High_R4 AU-7 FedRAMP_High_R4_AU-7 FedRAMP High AU-7 Audit Reduction And Report Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance FedRAMP_High_R4 AU-7 FedRAMP_High_R4_AU-7 FedRAMP High AU-7 Audit Reduction And Report Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance FedRAMP_High_R4 AU-7(1) FedRAMP_High_R4_AU-7(1) FedRAMP High AU-7 (1) Automatic Processing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_High_R4 AU-8 FedRAMP_High_R4_AU-8 FedRAMP High AU-8 Time Stamps FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_High_R4 AU-8(1) FedRAMP_High_R4_AU-8(1) FedRAMP High AU-8 (1) Synchronization With Authoritative Time Source FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_High_R4 AU-9 FedRAMP_High_R4_AU-9 FedRAMP High AU-9 Protection Of Audit Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance FedRAMP_High_R4 AU-9 FedRAMP_High_R4_AU-9 FedRAMP High AU-9 Protection Of Audit Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-9(2) FedRAMP_High_R4_AU-9(2) FedRAMP High AU-9 (2) Audit Backup On Separate Physical Systems / Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance FedRAMP_High_R4 AU-9(3) FedRAMP_High_R4_AU-9(3) FedRAMP High AU-9 (3) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_High_R4 AU-9(4) FedRAMP_High_R4_AU-9(4) FedRAMP High AU-9 (4) Access By Subset Of Privileged Users FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance FedRAMP_High_R4 CA-1 FedRAMP_High_R4_CA-1 FedRAMP High CA-1 Security Assessment And Authorization Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance FedRAMP_High_R4 CA-2(1) FedRAMP_High_R4_CA-2(1) FedRAMP High CA-2 (1) Independent Assessors FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance FedRAMP_High_R4 CA-2(2) FedRAMP_High_R4_CA-2(2) FedRAMP High CA-2 (2) Specialized Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance FedRAMP_High_R4 CA-2(3) FedRAMP_High_R4_CA-2(3) FedRAMP High CA-2 (3) External Organizations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance FedRAMP_High_R4 CA-3 FedRAMP_High_R4_CA-3 FedRAMP High CA-3 System Interconnections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance FedRAMP_High_R4 CA-3 FedRAMP_High_R4_CA-3 FedRAMP High CA-3 System Interconnections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 CA-3(3) FedRAMP_High_R4_CA-3(3) FedRAMP High CA-3 (3) Unclassified Non-National Security System Connections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance FedRAMP_High_R4 CA-3(5) FedRAMP_High_R4_CA-3(5) FedRAMP High CA-3 (5) Restrictions On External System Connections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance FedRAMP_High_R4 CA-5 FedRAMP_High_R4_CA-5 FedRAMP High CA-5 Plan Of Action And Milestones FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance FedRAMP_High_R4 CA-5 FedRAMP_High_R4_CA-5 FedRAMP High CA-5 Plan Of Action And Milestones FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance FedRAMP_High_R4 CA-6 FedRAMP_High_R4_CA-6 FedRAMP High CA-6 Security Authorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance FedRAMP_High_R4 CA-6 FedRAMP_High_R4_CA-6 FedRAMP High CA-6 Security Authorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance FedRAMP_High_R4 CA-6 FedRAMP_High_R4_CA-6 FedRAMP High CA-6 Security Authorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Continuous Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Continuous Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Continuous Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance FedRAMP_High_R4 CA-7(1) FedRAMP_High_R4_CA-7(1) FedRAMP High CA-7 (1) Independent Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance FedRAMP_High_R4 CA-7(3) FedRAMP_High_R4_CA-7(3) FedRAMP High CA-7 (3) Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance FedRAMP_High_R4 CA-8(1) FedRAMP_High_R4_CA-8(1) FedRAMP High CA-8 (1) Independent Penetration Agent Or Team FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance FedRAMP_High_R4 CA-9 FedRAMP_High_R4_CA-9 FedRAMP High CA-9 Internal System Connections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance FedRAMP_High_R4 CM-1 FedRAMP_High_R4_CM-1 FedRAMP High CM-1 Configuration Management Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Software Usage Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Software Usage Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance FedRAMP_High_R4 CM-10(1) FedRAMP_High_R4_CM-10(1) FedRAMP High CM-10 (1) Open Source Software FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance FedRAMP_High_R4 CM-2(3) FedRAMP_High_R4_CM-2(3) FedRAMP High CM-2 (3) Retention Of Previous Configurations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance FedRAMP_High_R4 CM-2(7) FedRAMP_High_R4_CM-2(7) FedRAMP High CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance FedRAMP_High_R4 CM-2(7) FedRAMP_High_R4_CM-2(7) FedRAMP High CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-3(2) FedRAMP_High_R4_CM-3(2) FedRAMP High CM-3 (2) Test / Validate / Document Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-3(2) FedRAMP_High_R4_CM-3(2) FedRAMP High CM-3 (2) Test / Validate / Document Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-3(2) FedRAMP_High_R4_CM-3(2) FedRAMP High CM-3 (2) Test / Validate / Document Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance FedRAMP_High_R4 CM-3(4) FedRAMP_High_R4_CM-3(4) FedRAMP High CM-3 (4) Security Representative FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance FedRAMP_High_R4 CM-3(6) FedRAMP_High_R4_CM-3(6) FedRAMP High CM-3 (6) Cryptography Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-5 FedRAMP_High_R4_CM-5 FedRAMP High CM-5 Access Restrictions For Change FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance FedRAMP_High_R4 CM-5(1) FedRAMP_High_R4_CM-5(1) FedRAMP High CM-5 (1) Automated Access Enforcement / Auditing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance FedRAMP_High_R4 CM-5(2) FedRAMP_High_R4_CM-5(2) FedRAMP High CM-5 (2) Review System Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance FedRAMP_High_R4 CM-5(3) FedRAMP_High_R4_CM-5(3) FedRAMP High CM-5 (3) Signed Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance FedRAMP_High_R4 CM-5(5) FedRAMP_High_R4_CM-5(5) FedRAMP High CM-5 (5) Limit Production / Operational Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance FedRAMP_High_R4 CM-5(5) FedRAMP_High_R4_CM-5(5) FedRAMP High CM-5 (5) Limit Production / Operational Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Automated Central Management / Application / Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Automated Central Management / Application / Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Automated Central Management / Application / Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 CM-7 FedRAMP_High_R4_CM-7 FedRAMP High CM-7 Least Functionality FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_High_R4 CM-8 FedRAMP_High_R4_CM-8 FedRAMP High CM-8 Information System Component Inventory FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_High_R4 CM-8 FedRAMP_High_R4_CM-8 FedRAMP High CM-8 Information System Component Inventory FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_High_R4 CM-8(1) FedRAMP_High_R4_CM-8(1) FedRAMP High CM-8 (1) Updates During Installations / Removals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_High_R4 CM-8(1) FedRAMP_High_R4_CM-8(1) FedRAMP High CM-8 (1) Updates During Installations / Removals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_High_R4 CM-8(3) FedRAMP_High_R4_CM-8(3) FedRAMP High CM-8 (3) Automated Unauthorized Component Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance FedRAMP_High_R4 CM-8(3) FedRAMP_High_R4_CM-8(3) FedRAMP High CM-8 (3) Automated Unauthorized Component Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance FedRAMP_High_R4 CM-8(4) FedRAMP_High_R4_CM-8(4) FedRAMP High CM-8 (4) Accountability Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_High_R4 CM-8(4) FedRAMP_High_R4_CM-8(4) FedRAMP High CM-8 (4) Accountability Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-1 FedRAMP_High_R4_CP-1 FedRAMP High CP-1 Contingency Planning Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance FedRAMP_High_R4 CP-10 FedRAMP_High_R4_CP-10 FedRAMP High CP-10 Information System Recovery And Reconstitution FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance FedRAMP_High_R4 CP-10(2) FedRAMP_High_R4_CP-10(2) FedRAMP High CP-10 (2) Transaction Recovery FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance FedRAMP_High_R4 CP-10(4) FedRAMP_High_R4_CP-10(4) FedRAMP High CP-10 (4) Restore Within Time Period FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 CP-2(1) FedRAMP_High_R4_CP-2(1) FedRAMP High CP-2 (1) Coordinate With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance FedRAMP_High_R4 CP-2(2) FedRAMP_High_R4_CP-2(2) FedRAMP High CP-2 (2) Capacity Planning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance FedRAMP_High_R4 CP-2(3) FedRAMP_High_R4_CP-2(3) FedRAMP High CP-2 (3) Resume Essential Missions / Business Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance FedRAMP_High_R4 CP-2(4) FedRAMP_High_R4_CP-2(4) FedRAMP High CP-2 (4) Resume All Missions / Business Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance FedRAMP_High_R4 CP-2(5) FedRAMP_High_R4_CP-2(5) FedRAMP High CP-2 (5) Continue Essential Missions / Business Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance FedRAMP_High_R4 CP-2(8) FedRAMP_High_R4_CP-2(8) FedRAMP High CP-2 (8) Identify Critical Assets FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance FedRAMP_High_R4 CP-3 FedRAMP_High_R4_CP-3 FedRAMP High CP-3 Contingency Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance FedRAMP_High_R4 CP-3(1) FedRAMP_High_R4_CP-3(1) FedRAMP High CP-3 (1) Simulated Events FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance FedRAMP_High_R4 CP-4 FedRAMP_High_R4_CP-4 FedRAMP High CP-4 Contingency Plan Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance FedRAMP_High_R4 CP-4 FedRAMP_High_R4_CP-4 FedRAMP High CP-4 Contingency Plan Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance FedRAMP_High_R4 CP-4 FedRAMP_High_R4_CP-4 FedRAMP High CP-4 Contingency Plan Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 CP-4(1) FedRAMP_High_R4_CP-4(1) FedRAMP High CP-4 (1) Coordinate With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance FedRAMP_High_R4 CP-4(2) FedRAMP_High_R4_CP-4(2) FedRAMP High CP-4 (2) Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities Regulatory Compliance FedRAMP_High_R4 CP-4(2) FedRAMP_High_R4_CP-4(2) FedRAMP High CP-4 (2) Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance FedRAMP_High_R4 CP-6(2) FedRAMP_High_R4_CP-6(2) FedRAMP High CP-6 (2) Recovery Time / Point Objectives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance FedRAMP_High_R4 CP-6(3) FedRAMP_High_R4_CP-6(3) FedRAMP High CP-6 (3) Accessibility FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FedRAMP_High_R4 CP-7 FedRAMP_High_R4_CP-7 FedRAMP High CP-7 Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7 FedRAMP_High_R4_CP-7 FedRAMP High CP-7 Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7(1) FedRAMP_High_R4_CP-7(1) FedRAMP High CP-7 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7(2) FedRAMP_High_R4_CP-7(2) FedRAMP High CP-7 (2) Accessibility FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7(3) FedRAMP_High_R4_CP-7(3) FedRAMP High CP-7 (3) Priority Of Service FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_High_R4 CP-7(3) FedRAMP_High_R4_CP-7(3) FedRAMP High CP-7 (3) Priority Of Service FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance FedRAMP_High_R4 CP-7(4) FedRAMP_High_R4_CP-7(4) FedRAMP High CP-7 (4) Preparation For Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_High_R4 CP-8(1) FedRAMP_High_R4_CP-8(1) FedRAMP High CP-8 (1) Priority Of Service Provisions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance FedRAMP_High_R4 CP-9(3) FedRAMP_High_R4_CP-9(3) FedRAMP High CP-9 (3) Separate Storage For Critical Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance FedRAMP_High_R4 CP-9(5) FedRAMP_High_R4_CP-9(5) FedRAMP High CP-9 (5) Transfer To Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance FedRAMP_High_R4 IA-1 FedRAMP_High_R4_IA-1 FedRAMP High IA-1 Identification And Authentication Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(1) FedRAMP_High_R4_IA-2(1) FedRAMP High IA-2 (1) Network Access To Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(11) FedRAMP_High_R4_IA-2(11) FedRAMP High IA-2 (11) Remote Access - Separate Device FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_High_R4 IA-2(11) FedRAMP_High_R4_IA-2(11) FedRAMP High IA-2 (11) Remote Access - Separate Device FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_High_R4 IA-2(12) FedRAMP_High_R4_IA-2(12) FedRAMP High IA-2 (12) Acceptance Of Piv Credentials FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(2) FedRAMP_High_R4_IA-2(2) FedRAMP High IA-2 (2) Network Access To Non-Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(3) FedRAMP_High_R4_IA-2(3) FedRAMP High IA-2 (3) Local Access To Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance FedRAMP_High_R4 IA-2(5) FedRAMP_High_R4_IA-2(5) FedRAMP High IA-2 (5) Group Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance FedRAMP_High_R4 IA-4(4) FedRAMP_High_R4_IA-4(4) FedRAMP High IA-4 (4) Identify User Status FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance FedRAMP_High_R4 IA-5(11) FedRAMP_High_R4_IA-5(11) FedRAMP High IA-5 (11) Hardware Token-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(13) FedRAMP_High_R4_IA-5(13) FedRAMP High IA-5 (13) Expiration Of Cached Authenticators FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(3) FedRAMP_High_R4_IA-5(3) FedRAMP High IA-5 (3) In-Person Or Trusted Third-Party Registration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 IA-5(4) FedRAMP_High_R4_IA-5(4) FedRAMP High IA-5 (4) Automated Support For Password Strength Determination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_High_R4 IA-5(4) FedRAMP_High_R4_IA-5(4) FedRAMP High IA-5 (4) Automated Support For Password Strength Determination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_High_R4 IA-5(4) FedRAMP_High_R4_IA-5(4) FedRAMP High IA-5 (4) Automated Support For Password Strength Determination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(6) FedRAMP_High_R4_IA-5(6) FedRAMP High IA-5 (6) Protection Of Authenticators FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(7) FedRAMP_High_R4_IA-5(7) FedRAMP High IA-5 (7) No Embedded Unencrypted Static Authenticators FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance FedRAMP_High_R4 IA-6 FedRAMP_High_R4_IA-6 FedRAMP High IA-6 Authenticator Feedback FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance FedRAMP_High_R4 IA-7 FedRAMP_High_R4_IA-7 FedRAMP High IA-7 Cryptographic Module Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance FedRAMP_High_R4 IA-8 FedRAMP_High_R4_IA-8 FedRAMP High IA-8 Identification And Authentication (Non- Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance FedRAMP_High_R4 IA-8(1) FedRAMP_High_R4_IA-8(1) FedRAMP High IA-8 (1) Acceptance Of Piv Credentials From Other Agencies FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance FedRAMP_High_R4 IA-8(2) FedRAMP_High_R4_IA-8(2) FedRAMP High IA-8 (2) Acceptance Of Third-Party Credentials FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance FedRAMP_High_R4 IA-8(3) FedRAMP_High_R4_IA-8(3) FedRAMP High IA-8 (3) Use Of Ficam-Approved Products FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance FedRAMP_High_R4 IA-8(4) FedRAMP_High_R4_IA-8(4) FedRAMP High IA-8 (4) Use Of Ficam-Issued Profiles FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance FedRAMP_High_R4 IR-1 FedRAMP_High_R4_IR-1 FedRAMP High IR-1 Incident Response Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_High_R4 IR-2 FedRAMP_High_R4_IR-2 FedRAMP High IR-2 Incident Response Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance FedRAMP_High_R4 IR-2(1) FedRAMP_High_R4_IR-2(1) FedRAMP High IR-2 (1) Simulated Events FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance FedRAMP_High_R4 IR-2(2) FedRAMP_High_R4_IR-2(2) FedRAMP High IR-2 (2) Automated Training Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_High_R4 IR-3 FedRAMP_High_R4_IR-3 FedRAMP High IR-3 Incident Response Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_High_R4 IR-3 FedRAMP_High_R4_IR-3 FedRAMP High IR-3 Incident Response Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_High_R4 IR-3 FedRAMP_High_R4_IR-3 FedRAMP High IR-3 Incident Response Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_High_R4 IR-3(2) FedRAMP_High_R4_IR-3(2) FedRAMP High IR-3 (2) Coordination With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_High_R4 IR-3(2) FedRAMP_High_R4_IR-3(2) FedRAMP High IR-3 (2) Coordination With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_High_R4 IR-3(2) FedRAMP_High_R4_IR-3(2) FedRAMP High IR-3 (2) Coordination With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-4(1) FedRAMP_High_R4_IR-4(1) FedRAMP High IR-4 (1) Automated Incident Handling Processes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_High_R4 IR-4(1) FedRAMP_High_R4_IR-4(1) FedRAMP High IR-4 (1) Automated Incident Handling Processes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-4(1) FedRAMP_High_R4_IR-4(1) FedRAMP High IR-4 (1) Automated Incident Handling Processes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance FedRAMP_High_R4 IR-4(2) FedRAMP_High_R4_IR-4(2) FedRAMP High IR-4 (2) Dynamic Reconfiguration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance FedRAMP_High_R4 IR-4(3) FedRAMP_High_R4_IR-4(3) FedRAMP High IR-4 (3) Continuity Of Operations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-4(4) FedRAMP_High_R4_IR-4(4) FedRAMP High IR-4 (4) Information Correlation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance FedRAMP_High_R4 IR-4(6) FedRAMP_High_R4_IR-4(6) FedRAMP High IR-4 (6) Insider Threats - Specific Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance FedRAMP_High_R4 IR-4(8) FedRAMP_High_R4_IR-4(8) FedRAMP High IR-4 (8) Correlation With External Organizations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_High_R4 IR-6(1) FedRAMP_High_R4_IR-6(1) FedRAMP High IR-6 (1) Automated Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_High_R4 IR-7 FedRAMP_High_R4_IR-7 FedRAMP High IR-7 Incident Response Assistance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance FedRAMP_High_R4 IR-7(2) FedRAMP_High_R4_IR-7(2) FedRAMP High IR-7 (2) Coordination With External Providers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_High_R4 IR-7(2) FedRAMP_High_R4_IR-7(2) FedRAMP High IR-7 (2) Coordination With External Providers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_High_R4 IR-9(1) FedRAMP_High_R4_IR-9(1) FedRAMP High IR-9 (1) Responsible Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_High_R4 IR-9(2) FedRAMP_High_R4_IR-9(2) FedRAMP High IR-9 (2) Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance FedRAMP_High_R4 IR-9(3) FedRAMP_High_R4_IR-9(3) FedRAMP High IR-9 (3) Post-Spill Operations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_High_R4 IR-9(4) FedRAMP_High_R4_IR-9(4) FedRAMP High IR-9 (4) Exposure To Unauthorized Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance FedRAMP_High_R4 MA-1 FedRAMP_High_R4_MA-1 FedRAMP High MA-1 System Maintenance Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance FedRAMP_High_R4 MA-2(2) FedRAMP_High_R4_MA-2(2) FedRAMP High MA-2 (2) Automated Maintenance Activities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance FedRAMP_High_R4 MA-2(2) FedRAMP_High_R4_MA-2(2) FedRAMP High MA-2 (2) Automated Maintenance Activities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3 FedRAMP_High_R4_MA-3 FedRAMP High MA-3 Maintenance Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3 FedRAMP_High_R4_MA-3 FedRAMP High MA-3 Maintenance Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3(1) FedRAMP_High_R4_MA-3(1) FedRAMP High MA-3 (1) Inspect Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3(1) FedRAMP_High_R4_MA-3(1) FedRAMP High MA-3 (1) Inspect Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3(2) FedRAMP_High_R4_MA-3(2) FedRAMP High MA-3 (2) Inspect Media FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3(2) FedRAMP_High_R4_MA-3(2) FedRAMP High MA-3 (2) Inspect Media FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-4 FedRAMP_High_R4_MA-4 FedRAMP High MA-4 Nonlocal Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-4(2) FedRAMP_High_R4_MA-4(2) FedRAMP High MA-4 (2) Document Nonlocal Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance FedRAMP_High_R4 MA-4(3) FedRAMP_High_R4_MA-4(3) FedRAMP High MA-4 (3) Comparable Security / Sanitization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance FedRAMP_High_R4 MA-4(6) FedRAMP_High_R4_MA-4(6) FedRAMP High MA-4 (6) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance FedRAMP_High_R4 MA-5 FedRAMP_High_R4_MA-5 FedRAMP High MA-5 Maintenance Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance FedRAMP_High_R4 MA-5 FedRAMP_High_R4_MA-5 FedRAMP High MA-5 Maintenance Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance FedRAMP_High_R4 MA-5 FedRAMP_High_R4_MA-5 FedRAMP High MA-5 Maintenance Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MA-5(1) FedRAMP_High_R4_MA-5(1) FedRAMP High MA-5 (1) Individuals Without Appropriate Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MA-5(1) FedRAMP_High_R4_MA-5(1) FedRAMP High MA-5 (1) Individuals Without Appropriate Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance FedRAMP_High_R4 MA-6 FedRAMP_High_R4_MA-6 FedRAMP High MA-6 Timely Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance FedRAMP_High_R4 MP-1 FedRAMP_High_R4_MP-1 FedRAMP High MP-1 Media Protection Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-2 FedRAMP_High_R4_MP-2 FedRAMP High MP-2 Media Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-3 FedRAMP_High_R4_MP-3 FedRAMP High MP-3 Media Marking FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-4 FedRAMP_High_R4_MP-4 FedRAMP High MP-4 Media Storage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-4 FedRAMP_High_R4_MP-4 FedRAMP High MP-4 Media Storage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_High_R4 MP-5 FedRAMP_High_R4_MP-5 FedRAMP High MP-5 Media Transport FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-5 FedRAMP_High_R4_MP-5 FedRAMP High MP-5 Media Transport FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_High_R4 MP-5(4) FedRAMP_High_R4_MP-5(4) FedRAMP High MP-5 (4) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-5(4) FedRAMP_High_R4_MP-5(4) FedRAMP High MP-5 (4) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-6 FedRAMP_High_R4_MP-6 FedRAMP High MP-6 Media Sanitization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-6 FedRAMP_High_R4_MP-6 FedRAMP High MP-6 Media Sanitization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-6(1) FedRAMP_High_R4_MP-6(1) FedRAMP High MP-6 (1) Review / Approve / Track / Document / Verify FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-6(1) FedRAMP_High_R4_MP-6(1) FedRAMP High MP-6 (1) Review / Approve / Track / Document / Verify FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-6(2) FedRAMP_High_R4_MP-6(2) FedRAMP High MP-6 (2) Equipment Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-6(2) FedRAMP_High_R4_MP-6(2) FedRAMP High MP-6 (2) Equipment Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance FedRAMP_High_R4 PE-1 FedRAMP_High_R4_PE-1 FedRAMP High PE-1 Physical And Environmental Protection Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance FedRAMP_High_R4 PE-12 FedRAMP_High_R4_PE-12 FedRAMP High PE-12 Emergency Lighting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13 FedRAMP_High_R4_PE-13 FedRAMP High PE-13 Fire Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13(1) FedRAMP_High_R4_PE-13(1) FedRAMP High PE-13 (1) Detection Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_High_R4 PE-13(1) FedRAMP_High_R4_PE-13(1) FedRAMP High PE-13 (1) Detection Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance FedRAMP_High_R4 PE-13(1) FedRAMP_High_R4_PE-13(1) FedRAMP High PE-13 (1) Detection Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13(2) FedRAMP_High_R4_PE-13(2) FedRAMP High PE-13 (2) Suppression Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13(3) FedRAMP_High_R4_PE-13(3) FedRAMP High PE-13 (3) Automatic Fire Suppression FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-14 FedRAMP_High_R4_PE-14 FedRAMP High PE-14 Temperature And Humidity Controls FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-14(2) FedRAMP_High_R4_PE-14(2) FedRAMP High PE-14 (2) Monitoring With Alarms / Notifications FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_High_R4 PE-14(2) FedRAMP_High_R4_PE-14(2) FedRAMP High PE-14 (2) Monitoring With Alarms / Notifications FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-15 FedRAMP_High_R4_PE-15 FedRAMP High PE-15 Water Damage Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_High_R4 PE-16 FedRAMP_High_R4_PE-16 FedRAMP High PE-16 Delivery And Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance FedRAMP_High_R4 PE-16 FedRAMP_High_R4_PE-16 FedRAMP High PE-16 Delivery And Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_High_R4 PE-17 FedRAMP_High_R4_PE-17 FedRAMP High PE-17 Alternate Work Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-18 FedRAMP_High_R4_PE-18 FedRAMP High PE-18 Location Of Information System Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-2 FedRAMP_High_R4_PE-2 FedRAMP High PE-2 Physical Access Authorizations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-4 FedRAMP_High_R4_PE-4 FedRAMP High PE-4 Access Control For Transmission Medium FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-4 FedRAMP_High_R4_PE-4 FedRAMP High PE-4 Access Control For Transmission Medium FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-5 FedRAMP_High_R4_PE-5 FedRAMP High PE-5 Access Control For Output Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_High_R4 PE-5 FedRAMP_High_R4_PE-5 FedRAMP High PE-5 Access Control For Output Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-5 FedRAMP_High_R4_PE-5 FedRAMP High PE-5 Access Control For Output Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_High_R4 PE-6(1) FedRAMP_High_R4_PE-6(1) FedRAMP High PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance FedRAMP_High_R4 PE-6(1) FedRAMP_High_R4_PE-6(1) FedRAMP High PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-8 FedRAMP_High_R4_PE-8 FedRAMP High PE-8 Visitor Access Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-8 FedRAMP_High_R4_PE-8 FedRAMP High PE-8 Visitor Access Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-1 FedRAMP_High_R4_PL-1 FedRAMP High PL-1 Security Planning Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_High_R4 PL-2(3) FedRAMP_High_R4_PL-2(3) FedRAMP High PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_High_R4 PL-2(3) FedRAMP_High_R4_PL-2(3) FedRAMP High PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_High_R4 PL-2(3) FedRAMP_High_R4_PL-2(3) FedRAMP High PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-4(1) FedRAMP_High_R4_PL-4(1) FedRAMP High PL-4 (1) Social Media And Networking Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance FedRAMP_High_R4 PL-8 FedRAMP_High_R4_PL-8 FedRAMP High PL-8 Information Security Architecture FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance FedRAMP_High_R4 PL-8 FedRAMP_High_R4_PL-8 FedRAMP High PL-8 Information Security Architecture FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance FedRAMP_High_R4 PS-1 FedRAMP_High_R4_PS-1 FedRAMP High PS-1 Personnel Security Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance FedRAMP_High_R4 PS-2 FedRAMP_High_R4_PS-2 FedRAMP High PS-2 Position Risk Designation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance FedRAMP_High_R4 PS-3 FedRAMP_High_R4_PS-3 FedRAMP High PS-3 Personnel Screening FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance FedRAMP_High_R4 PS-3 FedRAMP_High_R4_PS-3 FedRAMP High PS-3 Personnel Screening FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance FedRAMP_High_R4 PS-3 FedRAMP_High_R4_PS-3 FedRAMP High PS-3 Personnel Screening FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_High_R4 PS-3(3) FedRAMP_High_R4_PS-3(3) FedRAMP High PS-3 (3) Information With Special Protection Measures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination Regulatory Compliance FedRAMP_High_R4 PS-4(2) FedRAMP_High_R4_PS-4(2) FedRAMP High PS-4 (2) Automated Notification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance FedRAMP_High_R4 PS-8 FedRAMP_High_R4_PS-8 FedRAMP High PS-8 Personnel Sanctions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance FedRAMP_High_R4 PS-8 FedRAMP_High_R4_PS-8 FedRAMP High PS-8 Personnel Sanctions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance FedRAMP_High_R4 RA-1 FedRAMP_High_R4_RA-1 FedRAMP High RA-1 Risk Assessment Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(1) FedRAMP_High_R4_RA-5(1) FedRAMP High RA-5 (1) Update Tool Capability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(1) FedRAMP_High_R4_RA-5(1) FedRAMP High RA-5 (1) Update Tool Capability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance FedRAMP_High_R4 RA-5(10) FedRAMP_High_R4_RA-5(10) FedRAMP High RA-5 (10) Correlate Scanning Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(2) FedRAMP_High_R4_RA-5(2) FedRAMP High RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(2) FedRAMP_High_R4_RA-5(2) FedRAMP High RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(3) FedRAMP_High_R4_RA-5(3) FedRAMP High RA-5 (3) Breadth / Depth Of Coverage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(3) FedRAMP_High_R4_RA-5(3) FedRAMP High RA-5 (3) Breadth / Depth Of Coverage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information Regulatory Compliance FedRAMP_High_R4 RA-5(4) FedRAMP_High_R4_RA-5(4) FedRAMP High RA-5 (4) Discoverable Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance FedRAMP_High_R4 RA-5(5) FedRAMP_High_R4_RA-5(5) FedRAMP High RA-5 (5) Privileged Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance FedRAMP_High_R4 SA-1 FedRAMP_High_R4_SA-1 FedRAMP High SA-1 System And Services Acquisition Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SA-10(1) FedRAMP_High_R4_SA-10(1) FedRAMP High SA-10 (1) Software / Firmware Integrity Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SA-11 FedRAMP_High_R4_SA-11 FedRAMP High SA-11 Developer Security Testing And Evaluation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance FedRAMP_High_R4 SA-11 FedRAMP_High_R4_SA-11 FedRAMP High SA-11 Developer Security Testing And Evaluation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SA-11 FedRAMP_High_R4_SA-11 FedRAMP High SA-11 Developer Security Testing And Evaluation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance FedRAMP_High_R4 SA-15 FedRAMP_High_R4_SA-15 FedRAMP High SA-15 Development Process, Standards, And Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance FedRAMP_High_R4 SA-16 FedRAMP_High_R4_SA-16 FedRAMP High SA-16 Developer-Provided Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance FedRAMP_High_R4 SA-17 FedRAMP_High_R4_SA-17 FedRAMP High SA-17 Developer Security Architecture And Design FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance FedRAMP_High_R4 SA-17 FedRAMP_High_R4_SA-17 FedRAMP High SA-17 Developer Security Architecture And Design FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance FedRAMP_High_R4 SA-17 FedRAMP_High_R4_SA-17 FedRAMP High SA-17 Developer Security Architecture And Design FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance FedRAMP_High_R4 SA-3 FedRAMP_High_R4_SA-3 FedRAMP High SA-3 System Development Life Cycle FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance FedRAMP_High_R4 SA-3 FedRAMP_High_R4_SA-3 FedRAMP High SA-3 System Development Life Cycle FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance FedRAMP_High_R4 SA-3 FedRAMP_High_R4_SA-3 FedRAMP High SA-3 System Development Life Cycle FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance FedRAMP_High_R4 SA-4(1) FedRAMP_High_R4_SA-4(1) FedRAMP High SA-4 (1) Functional Properties Of Security Controls FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance FedRAMP_High_R4 SA-4(10) FedRAMP_High_R4_SA-4(10) FedRAMP High SA-4 (10) Use Of Approved Piv Products FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance FedRAMP_High_R4 SA-4(2) FedRAMP_High_R4_SA-4(2) FedRAMP High SA-4 (2) Design / Implementation Information For Security Controls FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance FedRAMP_High_R4 SA-4(8) FedRAMP_High_R4_SA-4(8) FedRAMP High SA-4 (8) Continuous Monitoring Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance FedRAMP_High_R4 SA-4(9) FedRAMP_High_R4_SA-4(9) FedRAMP High SA-4 (9) Functions / Ports / Protocols / Services In Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FedRAMP_High_R4 SA-9(1) FedRAMP_High_R4_SA-9(1) FedRAMP High SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance FedRAMP_High_R4 SA-9(1) FedRAMP_High_R4_SA-9(1) FedRAMP High SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance FedRAMP_High_R4 SA-9(2) FedRAMP_High_R4_SA-9(2) FedRAMP High SA-9 (2) Identification Of Functions / Ports / Protocols / Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance FedRAMP_High_R4 SA-9(4) FedRAMP_High_R4_SA-9(4) FedRAMP High SA-9 (4) Consistent Interests Of Consumers And Providers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance FedRAMP_High_R4 SA-9(5) FedRAMP_High_R4_SA-9(5) FedRAMP High SA-9 (5) Processing, Storage, And Service Location FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance FedRAMP_High_R4 SC-1 FedRAMP_High_R4_SC-1 FedRAMP High SC-1 System And Communications Protection Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance FedRAMP_High_R4 SC-10 FedRAMP_High_R4_SC-10 FedRAMP High SC-10 Network Disconnect FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance FedRAMP_High_R4 SC-12(1) FedRAMP_High_R4_SC-12(1) FedRAMP High SC-12 (1) Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance FedRAMP_High_R4 SC-12(2) FedRAMP_High_R4_SC-12(2) FedRAMP High SC-12 (2) Symmetric Keys FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance FedRAMP_High_R4 SC-12(3) FedRAMP_High_R4_SC-12(3) FedRAMP High SC-12 (3) Asymmetric Keys FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_High_R4 SC-13 FedRAMP_High_R4_SC-13 FedRAMP High SC-13 Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance FedRAMP_High_R4 SC-15 FedRAMP_High_R4_SC-15 FedRAMP High SC-15 Collaborative Computing Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance FedRAMP_High_R4 SC-15 FedRAMP_High_R4_SC-15 FedRAMP High SC-15 Collaborative Computing Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_High_R4 SC-17 FedRAMP_High_R4_SC-17 FedRAMP High SC-17 Public Key Infrastructure Certificates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance FedRAMP_High_R4 SC-18 FedRAMP_High_R4_SC-18 FedRAMP High SC-18 Mobile Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FedRAMP_High_R4 SC-18 FedRAMP_High_R4_SC-18 FedRAMP High SC-18 Mobile Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance FedRAMP_High_R4 SC-18 FedRAMP_High_R4_SC-18 FedRAMP High SC-18 Mobile Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_High_R4 SC-19 FedRAMP_High_R4_SC-19 FedRAMP High SC-19 Voice Over Internet Protocol FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance FedRAMP_High_R4 SC-19 FedRAMP_High_R4_SC-19 FedRAMP High SC-19 Voice Over Internet Protocol FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance FedRAMP_High_R4 SC-2 FedRAMP_High_R4_SC-2 FedRAMP High SC-2 Application Partitioning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance FedRAMP_High_R4 SC-2 FedRAMP_High_R4_SC-2 FedRAMP High SC-2 Application Partitioning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_High_R4 SC-2 FedRAMP_High_R4_SC-2 FedRAMP High SC-2 Application Partitioning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_High_R4 SC-20 FedRAMP_High_R4_SC-20 FedRAMP High SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance FedRAMP_High_R4 SC-20 FedRAMP_High_R4_SC-20 FedRAMP High SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_High_R4 SC-21 FedRAMP_High_R4_SC-21 FedRAMP High SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SC-21 FedRAMP_High_R4_SC-21 FedRAMP High SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_High_R4 SC-22 FedRAMP_High_R4_SC-22 FedRAMP High SC-22 Architecture And Provisioning For Name / Address Resolution Service FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_High_R4 SC-23 FedRAMP_High_R4_SC-23 FedRAMP High SC-23 Session Authenticity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance FedRAMP_High_R4 SC-23 FedRAMP_High_R4_SC-23 FedRAMP High SC-23 Session Authenticity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout Regulatory Compliance FedRAMP_High_R4 SC-23(1) FedRAMP_High_R4_SC-23(1) FedRAMP High SC-23 (1) Invalidate Session Identifiers At Logout FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance FedRAMP_High_R4 SC-24 FedRAMP_High_R4_SC-24 FedRAMP High SC-24 Fail In Known State FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SC-3 FedRAMP_High_R4_SC-3 FedRAMP High SC-3 Security Function Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SC-3 FedRAMP_High_R4_SC-3 FedRAMP High SC-3 Security Function Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance FedRAMP_High_R4 SC-39 FedRAMP_High_R4_SC-39 FedRAMP High SC-39 Process Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_High_R4 SC-6 FedRAMP_High_R4_SC-6 FedRAMP High SC-6 Resource Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_High_R4 SC-6 FedRAMP_High_R4_SC-6 FedRAMP High SC-6 Resource Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance FedRAMP_High_R4 SC-6 FedRAMP_High_R4_SC-6 FedRAMP High SC-6 Resource Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7(12) FedRAMP_High_R4_SC-7(12) FedRAMP High SC-7 (12) Host-Based Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance FedRAMP_High_R4 SC-7(13) FedRAMP_High_R4_SC-7(13) FedRAMP High SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7(18) FedRAMP_High_R4_SC-7(18) FedRAMP High SC-7 (18) Fail Secure FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance FedRAMP_High_R4 SC-7(18) FedRAMP_High_R4_SC-7(18) FedRAMP High SC-7 (18) Fail Secure FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance FedRAMP_High_R4 SC-7(20) FedRAMP_High_R4_SC-7(20) FedRAMP High SC-7 (20) Dynamic Isolation / Segregation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance FedRAMP_High_R4 SC-7(21) FedRAMP_High_R4_SC-7(21) FedRAMP High SC-7 (21) Isolation Of Information System Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance FedRAMP_High_R4 SC-7(4) FedRAMP_High_R4_SC-7(4) FedRAMP High SC-7 (4) External Telecommunications Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance FedRAMP_High_R4 SC-7(4) FedRAMP_High_R4_SC-7(4) FedRAMP High SC-7 (4) External Telecommunications Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7(4) FedRAMP_High_R4_SC-7(4) FedRAMP High SC-7 (4) External Telecommunications Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance FedRAMP_High_R4 SC-7(7) FedRAMP_High_R4_SC-7(7) FedRAMP High SC-7 (7) Prevent Split Tunneling For Remote Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance FedRAMP_High_R4 SC-7(8) FedRAMP_High_R4_SC-7(8) FedRAMP High SC-7 (8) Route Traffic To Authenticated Proxy Servers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance FedRAMP_High_R4 SI-1 FedRAMP_High_R4_SI-1 FedRAMP High SI-1 System And Information Integrity Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance FedRAMP_High_R4 SI-10 FedRAMP_High_R4_SI-10 FedRAMP High SI-10 Information Input Validation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance FedRAMP_High_R4 SI-11 FedRAMP_High_R4_SI-11 FedRAMP High SI-11 Error Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance FedRAMP_High_R4 SI-11 FedRAMP_High_R4_SI-11 FedRAMP High SI-11 Error Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 SI-12 FedRAMP_High_R4_SI-12 FedRAMP High SI-12 Information Handling And Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_High_R4 SI-12 FedRAMP_High_R4_SI-12 FedRAMP High SI-12 Information Handling And Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_High_R4 SI-12 FedRAMP_High_R4_SI-12 FedRAMP High SI-12 Information Handling And Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-16 FedRAMP_High_R4_SI-16 FedRAMP High SI-16 Memory Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SI-16 FedRAMP_High_R4_SI-16 FedRAMP High SI-16 Memory Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance FedRAMP_High_R4 SI-2(2) FedRAMP_High_R4_SI-2(2) FedRAMP High SI-2 (2) Automated Flaw Remediation Status FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SI-2(2) FedRAMP_High_R4_SI-2(2) FedRAMP High SI-2 (2) Automated Flaw Remediation Status FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance FedRAMP_High_R4 SI-2(3) FedRAMP_High_R4_SI-2(3) FedRAMP High SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance FedRAMP_High_R4 SI-2(3) FedRAMP_High_R4_SI-2(3) FedRAMP High SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance FedRAMP_High_R4 SI-4(14) FedRAMP_High_R4_SI-4(14) FedRAMP High SI-4 (14) Wireless Intrusion Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_High_R4 SI-4(2) FedRAMP_High_R4_SI-4(2) FedRAMP High SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_High_R4 SI-4(2) FedRAMP_High_R4_SI-4(2) FedRAMP High SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance FedRAMP_High_R4 SI-4(22) FedRAMP_High_R4_SI-4(22) FedRAMP High SI-4 (22) Unauthorized Network Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance FedRAMP_High_R4 SI-4(24) FedRAMP_High_R4_SI-4(24) FedRAMP High SI-4 (24) Indicators Of Compromise FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System-Generated Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System-Generated Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System-Generated Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance FedRAMP_High_R4 SI-5(1) FedRAMP_High_R4_SI-5(1) FedRAMP High SI-5 (1) Automated Alerts And Advisories FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SI-7 FedRAMP_High_R4_SI-7 FedRAMP High SI-7 Software, Firmware, And Information Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SI-7(1) FedRAMP_High_R4_SI-7(1) FedRAMP High SI-7 (1) Integrity Checks FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_High_R4 SI-7(1) FedRAMP_High_R4_SI-7(1) FedRAMP High SI-7 (1) Integrity Checks FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance FedRAMP_High_R4 SI-7(14) FedRAMP_High_R4_SI-7(14) FedRAMP High SI-7 (14) Binary Or Machine Executable Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance FedRAMP_High_R4 SI-7(5) FedRAMP_High_R4_SI-7(5) FedRAMP High SI-7 (5) Automated Response To Integrity Violations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance FedRAMP_Moderate_R4 AC-10 FedRAMP_Moderate_R4_AC-10 FedRAMP Moderate AC-10 Concurrent Session Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance FedRAMP_Moderate_R4 AC-12 FedRAMP_Moderate_R4_AC-12 FedRAMP Moderate AC-12 Session Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance FedRAMP_Moderate_R4 AC-14 FedRAMP_Moderate_R4_AC-14 FedRAMP Moderate AC-14 Permitted Actions Without Identification Or Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 AC-17(2) FedRAMP_Moderate_R4_AC-17(2) FedRAMP Moderate AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance FedRAMP_Moderate_R4 AC-17(2) FedRAMP_Moderate_R4_AC-17(2) FedRAMP Moderate AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_Moderate_R4 AC-17(3) FedRAMP_Moderate_R4_AC-17(3) FedRAMP Moderate AC-17 (3) Managed Access Control Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance FedRAMP_Moderate_R4 AC-17(9) FedRAMP_Moderate_R4_AC-17(9) FedRAMP Moderate AC-17 (9) Disconnect / Disable Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-18 FedRAMP_Moderate_R4_AC-18 FedRAMP Moderate AC-18 Wireless Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_Moderate_R4 AC-18 FedRAMP_Moderate_R4_AC-18 FedRAMP Moderate AC-18 Wireless Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_Moderate_R4 AC-18(1) FedRAMP_Moderate_R4_AC-18(1) FedRAMP Moderate AC-18 (1) Authentication And Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_Moderate_R4 AC-18(1) FedRAMP_Moderate_R4_AC-18(1) FedRAMP Moderate AC-18 (1) Authentication And Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-18(1) FedRAMP_Moderate_R4_AC-18(1) FedRAMP Moderate AC-18 (1) Authentication And Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_Moderate_R4 AC-19 FedRAMP_Moderate_R4_AC-19 FedRAMP Moderate AC-19 Access Control For Mobile Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_Moderate_R4 AC-19(5) FedRAMP_Moderate_R4_AC-19(5) FedRAMP Moderate AC-19 (5) Full Device / Container-Based Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 AC-19(5) FedRAMP_Moderate_R4_AC-19(5) FedRAMP Moderate AC-19 (5) Full Device / Container-Based Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance FedRAMP_Moderate_R4 AC-2(10) FedRAMP_Moderate_R4_AC-2(10) FedRAMP Moderate AC-2 (10) Shared / Group Account Credential Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_Moderate_R4 AC-2(3) FedRAMP_Moderate_R4_AC-2(3) FedRAMP Moderate AC-2 (3) Disable Inactive Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_Moderate_R4 AC-2(3) FedRAMP_Moderate_R4_AC-2(3) FedRAMP Moderate AC-2 (3) Disable Inactive Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance FedRAMP_Moderate_R4 AC-2(5) FedRAMP_Moderate_R4_AC-2(5) FedRAMP Moderate AC-2 (5) Inactivity Logout FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(9) FedRAMP_Moderate_R4_AC-2(9) FedRAMP Moderate AC-2 (9) Restrictions On Use Of Shared Groups / Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance FedRAMP_Moderate_R4 AC-20 FedRAMP_Moderate_R4_AC-20 FedRAMP Moderate AC-20 Use Of External Information Systems FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance FedRAMP_Moderate_R4 AC-20 FedRAMP_Moderate_R4_AC-20 FedRAMP Moderate AC-20 Use Of External Information Systems FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance FedRAMP_Moderate_R4 AC-20(1) FedRAMP_Moderate_R4_AC-20(1) FedRAMP Moderate AC-20 (1) Limits On Authorized Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 AC-20(2) FedRAMP_Moderate_R4_AC-20(2) FedRAMP Moderate AC-20 (2) Portable Storage Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_Moderate_R4 AC-20(2) FedRAMP_Moderate_R4_AC-20(2) FedRAMP Moderate AC-20 (2) Portable Storage Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 AC-20(2) FedRAMP_Moderate_R4_AC-20(2) FedRAMP Moderate AC-20 (2) Portable Storage Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance FedRAMP_Moderate_R4 AC-21 FedRAMP_Moderate_R4_AC-21 FedRAMP Moderate AC-21 Information Sharing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance FedRAMP_Moderate_R4 AC-21 FedRAMP_Moderate_R4_AC-21 FedRAMP Moderate AC-21 Information Sharing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_Moderate_R4 AC-6(1) FedRAMP_Moderate_R4_AC-6(1) FedRAMP Moderate AC-6 (1) Authorize Access To Security Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_Moderate_R4 AC-6(1) FedRAMP_Moderate_R4_AC-6(1) FedRAMP Moderate AC-6 (1) Authorize Access To Security Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_Moderate_R4 AC-6(1) FedRAMP_Moderate_R4_AC-6(1) FedRAMP Moderate AC-6 (1) Authorize Access To Security Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-6(5) FedRAMP_Moderate_R4_AC-6(5) FedRAMP Moderate AC-6 (5) Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance FedRAMP_Moderate_R4 AC-7 FedRAMP_Moderate_R4_AC-7 FedRAMP Moderate AC-7 Unsuccessful Logon Attempts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_Moderate_R4 AT-1 FedRAMP_Moderate_R4_AT-1 FedRAMP Moderate AT-1 Security Awareness And Training Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_Moderate_R4 AT-1 FedRAMP_Moderate_R4_AT-1 FedRAMP Moderate AT-1 Security Awareness And Training Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance FedRAMP_Moderate_R4 AT-2 FedRAMP_Moderate_R4_AT-2 FedRAMP Moderate AT-2 Security Awareness Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance FedRAMP_Moderate_R4 AT-2 FedRAMP_Moderate_R4_AT-2 FedRAMP Moderate AT-2 Security Awareness Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance FedRAMP_Moderate_R4 AT-2 FedRAMP_Moderate_R4_AT-2 FedRAMP Moderate AT-2 Security Awareness Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance FedRAMP_Moderate_R4 AT-2(2) FedRAMP_Moderate_R4_AT-2(2) FedRAMP Moderate AT-2 (2) Insider Threat FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance FedRAMP_Moderate_R4 AT-3 FedRAMP_Moderate_R4_AT-3 FedRAMP Moderate AT-3 Role-Based Security Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance FedRAMP_Moderate_R4 AT-3 FedRAMP_Moderate_R4_AT-3 FedRAMP Moderate AT-3 Role-Based Security Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance FedRAMP_Moderate_R4 AT-3 FedRAMP_Moderate_R4_AT-3 FedRAMP Moderate AT-3 Role-Based Security Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance FedRAMP_Moderate_R4 AT-4 FedRAMP_Moderate_R4_AT-4 FedRAMP Moderate AT-4 Security Training Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_Moderate_R4 AT-4 FedRAMP_Moderate_R4_AT-4 FedRAMP Moderate AT-4 Security Training Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance FedRAMP_Moderate_R4 AT-4 FedRAMP_Moderate_R4_AT-4 FedRAMP Moderate AT-4 Security Training Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 AU-2 FedRAMP_Moderate_R4_AU-2 FedRAMP Moderate AU-2 Audit Events FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance FedRAMP_Moderate_R4 AU-2(3) FedRAMP_Moderate_R4_AU-2(3) FedRAMP Moderate AU-2 (3) Reviews And Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 AU-3 FedRAMP_Moderate_R4_AU-3 FedRAMP Moderate AU-3 Content Of Audit Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance FedRAMP_Moderate_R4 AU-3(1) FedRAMP_Moderate_R4_AU-3(1) FedRAMP Moderate AU-3 (1) Additional Audit Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_Moderate_R4 AU-4 FedRAMP_Moderate_R4_AU-4 FedRAMP Moderate AU-4 Audit Storage Capacity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_Moderate_R4 AU-5 FedRAMP_Moderate_R4_AU-5 FedRAMP Moderate AU-5 Response To Audit Processing Failures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 AU-6(3) FedRAMP_Moderate_R4_AU-6(3) FedRAMP Moderate AU-6 (3) Correlate Audit Repositories FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-6(3) FedRAMP_Moderate_R4_AU-6(3) FedRAMP Moderate AU-6 (3) Correlate Audit Repositories FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance FedRAMP_Moderate_R4 AU-7 FedRAMP_Moderate_R4_AU-7 FedRAMP Moderate AU-7 Audit Reduction And Report Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance FedRAMP_Moderate_R4 AU-7 FedRAMP_Moderate_R4_AU-7 FedRAMP Moderate AU-7 Audit Reduction And Report Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-7(1) FedRAMP_Moderate_R4_AU-7(1) FedRAMP Moderate AU-7 (1) Automatic Processing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-8 FedRAMP_Moderate_R4_AU-8 FedRAMP Moderate AU-8 Time Stamps FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-8(1) FedRAMP_Moderate_R4_AU-8(1) FedRAMP Moderate AU-8 (1) Synchronization With Authoritative Time Source FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance FedRAMP_Moderate_R4 AU-9 FedRAMP_Moderate_R4_AU-9 FedRAMP Moderate AU-9 Protection Of Audit Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_Moderate_R4 AU-9 FedRAMP_Moderate_R4_AU-9 FedRAMP Moderate AU-9 Protection Of Audit Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-9(2) FedRAMP_Moderate_R4_AU-9(2) FedRAMP Moderate AU-9 (2) Audit Backup On Separate Physical Systems / Components FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_Moderate_R4 AU-9(4) FedRAMP_Moderate_R4_AU-9(4) FedRAMP Moderate AU-9 (4) Access By Subset Of Privileged Users FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CA-1 FedRAMP_Moderate_R4_CA-1 FedRAMP Moderate CA-1 Security Assessment And Authorization Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance FedRAMP_Moderate_R4 CA-2(1) FedRAMP_Moderate_R4_CA-2(1) FedRAMP Moderate CA-2 (1) Independent Assessors FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance FedRAMP_Moderate_R4 CA-2(2) FedRAMP_Moderate_R4_CA-2(2) FedRAMP Moderate CA-2 (2) Specialized Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance FedRAMP_Moderate_R4 CA-2(3) FedRAMP_Moderate_R4_CA-2(3) FedRAMP Moderate CA-2 (3) External Organizations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance FedRAMP_Moderate_R4 CA-3 FedRAMP_Moderate_R4_CA-3 FedRAMP Moderate CA-3 System Interconnections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance FedRAMP_Moderate_R4 CA-3 FedRAMP_Moderate_R4_CA-3 FedRAMP Moderate CA-3 System Interconnections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 CA-3(3) FedRAMP_Moderate_R4_CA-3(3) FedRAMP Moderate CA-3 (3) Unclassified Non-National Security System Connections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance FedRAMP_Moderate_R4 CA-3(5) FedRAMP_Moderate_R4_CA-3(5) FedRAMP Moderate CA-3 (5) Restrictions On External System Connections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance FedRAMP_Moderate_R4 CA-5 FedRAMP_Moderate_R4_CA-5 FedRAMP Moderate CA-5 Plan Of Action And Milestones FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance FedRAMP_Moderate_R4 CA-5 FedRAMP_Moderate_R4_CA-5 FedRAMP Moderate CA-5 Plan Of Action And Milestones FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance FedRAMP_Moderate_R4 CA-6 FedRAMP_Moderate_R4_CA-6 FedRAMP Moderate CA-6 Security Authorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance FedRAMP_Moderate_R4 CA-6 FedRAMP_Moderate_R4_CA-6 FedRAMP Moderate CA-6 Security Authorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance FedRAMP_Moderate_R4 CA-6 FedRAMP_Moderate_R4_CA-6 FedRAMP Moderate CA-6 Security Authorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Continuous Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Continuous Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Continuous Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance FedRAMP_Moderate_R4 CA-7(1) FedRAMP_Moderate_R4_CA-7(1) FedRAMP Moderate CA-7 (1) Independent Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance FedRAMP_Moderate_R4 CA-8(1) FedRAMP_Moderate_R4_CA-8(1) FedRAMP Moderate CA-8 (1) Independent Penetration Agent Or Team FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance FedRAMP_Moderate_R4 CA-9 FedRAMP_Moderate_R4_CA-9 FedRAMP Moderate CA-9 Internal System Connections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CM-1 FedRAMP_Moderate_R4_CM-1 FedRAMP Moderate CM-1 Configuration Management Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Software Usage Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Software Usage Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance FedRAMP_Moderate_R4 CM-10(1) FedRAMP_Moderate_R4_CM-10(1) FedRAMP Moderate CM-10 (1) Open Source Software FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance FedRAMP_Moderate_R4 CM-2(3) FedRAMP_Moderate_R4_CM-2(3) FedRAMP Moderate CM-2 (3) Retention Of Previous Configurations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance FedRAMP_Moderate_R4 CM-2(7) FedRAMP_Moderate_R4_CM-2(7) FedRAMP Moderate CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance FedRAMP_Moderate_R4 CM-2(7) FedRAMP_Moderate_R4_CM-2(7) FedRAMP Moderate CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_Moderate_R4 CM-5 FedRAMP_Moderate_R4_CM-5 FedRAMP Moderate CM-5 Access Restrictions For Change FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance FedRAMP_Moderate_R4 CM-5(1) FedRAMP_Moderate_R4_CM-5(1) FedRAMP Moderate CM-5 (1) Automated Access Enforcement / Auditing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance FedRAMP_Moderate_R4 CM-5(3) FedRAMP_Moderate_R4_CM-5(3) FedRAMP Moderate CM-5 (3) Signed Components FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance FedRAMP_Moderate_R4 CM-5(5) FedRAMP_Moderate_R4_CM-5(5) FedRAMP Moderate CM-5 (5) Limit Production / Operational Privileges FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance FedRAMP_Moderate_R4 CM-5(5) FedRAMP_Moderate_R4_CM-5(5) FedRAMP Moderate CM-5 (5) Limit Production / Operational Privileges FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Automated Central Management / Application / Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Automated Central Management / Application / Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Automated Central Management / Application / Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 CM-7 FedRAMP_Moderate_R4_CM-7 FedRAMP Moderate CM-7 Least Functionality FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_Moderate_R4 CM-8 FedRAMP_Moderate_R4_CM-8 FedRAMP Moderate CM-8 Information System Component Inventory FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_Moderate_R4 CM-8 FedRAMP_Moderate_R4_CM-8 FedRAMP Moderate CM-8 Information System Component Inventory FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_Moderate_R4 CM-8(1) FedRAMP_Moderate_R4_CM-8(1) FedRAMP Moderate CM-8 (1) Updates During Installations / Removals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_Moderate_R4 CM-8(1) FedRAMP_Moderate_R4_CM-8(1) FedRAMP Moderate CM-8 (1) Updates During Installations / Removals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_Moderate_R4 CM-8(3) FedRAMP_Moderate_R4_CM-8(3) FedRAMP Moderate CM-8 (3) Automated Unauthorized Component Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance FedRAMP_Moderate_R4 CM-8(3) FedRAMP_Moderate_R4_CM-8(3) FedRAMP Moderate CM-8 (3) Automated Unauthorized Component Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-1 FedRAMP_Moderate_R4_CP-1 FedRAMP Moderate CP-1 Contingency Planning Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance FedRAMP_Moderate_R4 CP-10 FedRAMP_Moderate_R4_CP-10 FedRAMP Moderate CP-10 Information System Recovery And Reconstitution FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance FedRAMP_Moderate_R4 CP-10(2) FedRAMP_Moderate_R4_CP-10(2) FedRAMP Moderate CP-10 (2) Transaction Recovery FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 CP-2(1) FedRAMP_Moderate_R4_CP-2(1) FedRAMP Moderate CP-2 (1) Coordinate With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance FedRAMP_Moderate_R4 CP-2(2) FedRAMP_Moderate_R4_CP-2(2) FedRAMP Moderate CP-2 (2) Capacity Planning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance FedRAMP_Moderate_R4 CP-2(3) FedRAMP_Moderate_R4_CP-2(3) FedRAMP Moderate CP-2 (3) Resume Essential Missions / Business Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance FedRAMP_Moderate_R4 CP-2(8) FedRAMP_Moderate_R4_CP-2(8) FedRAMP Moderate CP-2 (8) Identify Critical Assets FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance FedRAMP_Moderate_R4 CP-3 FedRAMP_Moderate_R4_CP-3 FedRAMP Moderate CP-3 Contingency Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance FedRAMP_Moderate_R4 CP-4 FedRAMP_Moderate_R4_CP-4 FedRAMP Moderate CP-4 Contingency Plan Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance FedRAMP_Moderate_R4 CP-4 FedRAMP_Moderate_R4_CP-4 FedRAMP Moderate CP-4 Contingency Plan Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance FedRAMP_Moderate_R4 CP-4 FedRAMP_Moderate_R4_CP-4 FedRAMP Moderate CP-4 Contingency Plan Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 CP-4(1) FedRAMP_Moderate_R4_CP-4(1) FedRAMP Moderate CP-4 (1) Coordinate With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance FedRAMP_Moderate_R4 CP-6(3) FedRAMP_Moderate_R4_CP-6(3) FedRAMP Moderate CP-6 (3) Accessibility FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FedRAMP_Moderate_R4 CP-7 FedRAMP_Moderate_R4_CP-7 FedRAMP Moderate CP-7 Alternate Processing Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7 FedRAMP_Moderate_R4_CP-7 FedRAMP Moderate CP-7 Alternate Processing Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7(1) FedRAMP_Moderate_R4_CP-7(1) FedRAMP Moderate CP-7 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7(2) FedRAMP_Moderate_R4_CP-7(2) FedRAMP Moderate CP-7 (2) Accessibility FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_Moderate_R4 CP-7(3) FedRAMP_Moderate_R4_CP-7(3) FedRAMP Moderate CP-7 (3) Priority Of Service FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7(3) FedRAMP_Moderate_R4_CP-7(3) FedRAMP Moderate CP-7 (3) Priority Of Service FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_Moderate_R4 CP-8(1) FedRAMP_Moderate_R4_CP-8(1) FedRAMP Moderate CP-8 (1) Priority Of Service Provisions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance FedRAMP_Moderate_R4 CP-9(3) FedRAMP_Moderate_R4_CP-9(3) FedRAMP Moderate CP-9 (3) Separate Storage For Critical Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 IA-1 FedRAMP_Moderate_R4_IA-1 FedRAMP Moderate IA-1 Identification And Authentication Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(1) FedRAMP_Moderate_R4_IA-2(1) FedRAMP Moderate IA-2 (1) Network Access To Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(11) FedRAMP_Moderate_R4_IA-2(11) FedRAMP Moderate IA-2 (11) Remote Access - Separate Device FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_Moderate_R4 IA-2(11) FedRAMP_Moderate_R4_IA-2(11) FedRAMP Moderate IA-2 (11) Remote Access - Separate Device FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_Moderate_R4 IA-2(12) FedRAMP_Moderate_R4_IA-2(12) FedRAMP Moderate IA-2 (12) Acceptance Of Piv Credentials FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(2) FedRAMP_Moderate_R4_IA-2(2) FedRAMP Moderate IA-2 (2) Network Access To Non-Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(3) FedRAMP_Moderate_R4_IA-2(3) FedRAMP Moderate IA-2 (3) Local Access To Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-2(5) FedRAMP_Moderate_R4_IA-2(5) FedRAMP Moderate IA-2 (5) Group Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance FedRAMP_Moderate_R4 IA-4(4) FedRAMP_Moderate_R4_IA-4(4) FedRAMP Moderate IA-4 (4) Identify User Status FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance FedRAMP_Moderate_R4 IA-5(11) FedRAMP_Moderate_R4_IA-5(11) FedRAMP Moderate IA-5 (11) Hardware Token-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(3) FedRAMP_Moderate_R4_IA-5(3) FedRAMP Moderate IA-5 (3) In-Person Or Trusted Third-Party Registration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 IA-5(4) FedRAMP_Moderate_R4_IA-5(4) FedRAMP Moderate IA-5 (4) Automated Support For Password Strength Determination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_Moderate_R4 IA-5(4) FedRAMP_Moderate_R4_IA-5(4) FedRAMP Moderate IA-5 (4) Automated Support For Password Strength Determination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-5(4) FedRAMP_Moderate_R4_IA-5(4) FedRAMP Moderate IA-5 (4) Automated Support For Password Strength Determination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(6) FedRAMP_Moderate_R4_IA-5(6) FedRAMP Moderate IA-5 (6) Protection Of Authenticators FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(7) FedRAMP_Moderate_R4_IA-5(7) FedRAMP Moderate IA-5 (7) No Embedded Unencrypted Static Authenticators FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance FedRAMP_Moderate_R4 IA-6 FedRAMP_Moderate_R4_IA-6 FedRAMP Moderate IA-6 Authenticator Feedback FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance FedRAMP_Moderate_R4 IA-7 FedRAMP_Moderate_R4_IA-7 FedRAMP Moderate IA-7 Cryptographic Module Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance FedRAMP_Moderate_R4 IA-8 FedRAMP_Moderate_R4_IA-8 FedRAMP Moderate IA-8 Identification And Authentication (Non- Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance FedRAMP_Moderate_R4 IA-8(1) FedRAMP_Moderate_R4_IA-8(1) FedRAMP Moderate IA-8 (1) Acceptance Of Piv Credentials From Other Agencies FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance FedRAMP_Moderate_R4 IA-8(2) FedRAMP_Moderate_R4_IA-8(2) FedRAMP Moderate IA-8 (2) Acceptance Of Third-Party Credentials FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance FedRAMP_Moderate_R4 IA-8(3) FedRAMP_Moderate_R4_IA-8(3) FedRAMP Moderate IA-8 (3) Use Of Ficam-Approved Products FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance FedRAMP_Moderate_R4 IA-8(4) FedRAMP_Moderate_R4_IA-8(4) FedRAMP Moderate IA-8 (4) Use Of Ficam-Issued Profiles FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 IR-1 FedRAMP_Moderate_R4_IR-1 FedRAMP Moderate IR-1 Incident Response Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_Moderate_R4 IR-2 FedRAMP_Moderate_R4_IR-2 FedRAMP Moderate IR-2 Incident Response Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_Moderate_R4 IR-3 FedRAMP_Moderate_R4_IR-3 FedRAMP Moderate IR-3 Incident Response Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_Moderate_R4 IR-3 FedRAMP_Moderate_R4_IR-3 FedRAMP Moderate IR-3 Incident Response Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_Moderate_R4 IR-3 FedRAMP_Moderate_R4_IR-3 FedRAMP Moderate IR-3 Incident Response Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_Moderate_R4 IR-3(2) FedRAMP_Moderate_R4_IR-3(2) FedRAMP Moderate IR-3 (2) Coordination With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_Moderate_R4 IR-3(2) FedRAMP_Moderate_R4_IR-3(2) FedRAMP Moderate IR-3 (2) Coordination With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_Moderate_R4 IR-3(2) FedRAMP_Moderate_R4_IR-3(2) FedRAMP Moderate IR-3 (2) Coordination With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-4(1) FedRAMP_Moderate_R4_IR-4(1) FedRAMP Moderate IR-4 (1) Automated Incident Handling Processes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-4(1) FedRAMP_Moderate_R4_IR-4(1) FedRAMP Moderate IR-4 (1) Automated Incident Handling Processes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_Moderate_R4 IR-4(1) FedRAMP_Moderate_R4_IR-4(1) FedRAMP Moderate IR-4 (1) Automated Incident Handling Processes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_Moderate_R4 IR-6(1) FedRAMP_Moderate_R4_IR-6(1) FedRAMP Moderate IR-6 (1) Automated Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_Moderate_R4 IR-7 FedRAMP_Moderate_R4_IR-7 FedRAMP Moderate IR-7 Incident Response Assistance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_Moderate_R4 IR-7(2) FedRAMP_Moderate_R4_IR-7(2) FedRAMP Moderate IR-7 (2) Coordination With External Providers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance FedRAMP_Moderate_R4 IR-7(2) FedRAMP_Moderate_R4_IR-7(2) FedRAMP Moderate IR-7 (2) Coordination With External Providers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_Moderate_R4 IR-9(1) FedRAMP_Moderate_R4_IR-9(1) FedRAMP Moderate IR-9 (1) Responsible Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_Moderate_R4 IR-9(2) FedRAMP_Moderate_R4_IR-9(2) FedRAMP Moderate IR-9 (2) Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance FedRAMP_Moderate_R4 IR-9(3) FedRAMP_Moderate_R4_IR-9(3) FedRAMP Moderate IR-9 (3) Post-Spill Operations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_Moderate_R4 IR-9(4) FedRAMP_Moderate_R4_IR-9(4) FedRAMP Moderate IR-9 (4) Exposure To Unauthorized Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 MA-1 FedRAMP_Moderate_R4_MA-1 FedRAMP Moderate MA-1 System Maintenance Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3 FedRAMP_Moderate_R4_MA-3 FedRAMP Moderate MA-3 Maintenance Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3 FedRAMP_Moderate_R4_MA-3 FedRAMP Moderate MA-3 Maintenance Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(1) FedRAMP_Moderate_R4_MA-3(1) FedRAMP Moderate MA-3 (1) Inspect Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(1) FedRAMP_Moderate_R4_MA-3(1) FedRAMP Moderate MA-3 (1) Inspect Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(2) FedRAMP_Moderate_R4_MA-3(2) FedRAMP Moderate MA-3 (2) Inspect Media FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(2) FedRAMP_Moderate_R4_MA-3(2) FedRAMP Moderate MA-3 (2) Inspect Media FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-4 FedRAMP_Moderate_R4_MA-4 FedRAMP Moderate MA-4 Nonlocal Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-4(2) FedRAMP_Moderate_R4_MA-4(2) FedRAMP Moderate MA-4 (2) Document Nonlocal Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance FedRAMP_Moderate_R4 MA-5 FedRAMP_Moderate_R4_MA-5 FedRAMP Moderate MA-5 Maintenance Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance FedRAMP_Moderate_R4 MA-5 FedRAMP_Moderate_R4_MA-5 FedRAMP Moderate MA-5 Maintenance Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance FedRAMP_Moderate_R4 MA-5 FedRAMP_Moderate_R4_MA-5 FedRAMP Moderate MA-5 Maintenance Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MA-5(1) FedRAMP_Moderate_R4_MA-5(1) FedRAMP Moderate MA-5 (1) Individuals Without Appropriate Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MA-5(1) FedRAMP_Moderate_R4_MA-5(1) FedRAMP Moderate MA-5 (1) Individuals Without Appropriate Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance FedRAMP_Moderate_R4 MA-6 FedRAMP_Moderate_R4_MA-6 FedRAMP Moderate MA-6 Timely Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 MP-1 FedRAMP_Moderate_R4_MP-1 FedRAMP Moderate MP-1 Media Protection Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-2 FedRAMP_Moderate_R4_MP-2 FedRAMP Moderate MP-2 Media Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-3 FedRAMP_Moderate_R4_MP-3 FedRAMP Moderate MP-3 Media Marking FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-4 FedRAMP_Moderate_R4_MP-4 FedRAMP Moderate MP-4 Media Storage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MP-4 FedRAMP_Moderate_R4_MP-4 FedRAMP Moderate MP-4 Media Storage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_Moderate_R4 MP-5 FedRAMP_Moderate_R4_MP-5 FedRAMP Moderate MP-5 Media Transport FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-5 FedRAMP_Moderate_R4_MP-5 FedRAMP Moderate MP-5 Media Transport FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_Moderate_R4 MP-5(4) FedRAMP_Moderate_R4_MP-5(4) FedRAMP Moderate MP-5 (4) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-5(4) FedRAMP_Moderate_R4_MP-5(4) FedRAMP Moderate MP-5 (4) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MP-6 FedRAMP_Moderate_R4_MP-6 FedRAMP Moderate MP-6 Media Sanitization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-6 FedRAMP_Moderate_R4_MP-6 FedRAMP Moderate MP-6 Media Sanitization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-6(2) FedRAMP_Moderate_R4_MP-6(2) FedRAMP Moderate MP-6 (2) Equipment Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MP-6(2) FedRAMP_Moderate_R4_MP-6(2) FedRAMP Moderate MP-6 (2) Equipment Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PE-1 FedRAMP_Moderate_R4_PE-1 FedRAMP Moderate PE-1 Physical And Environmental Protection Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance FedRAMP_Moderate_R4 PE-12 FedRAMP_Moderate_R4_PE-12 FedRAMP Moderate PE-12 Emergency Lighting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-13 FedRAMP_Moderate_R4_PE-13 FedRAMP Moderate PE-13 Fire Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-13(2) FedRAMP_Moderate_R4_PE-13(2) FedRAMP Moderate PE-13 (2) Suppression Devices / Systems FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-13(3) FedRAMP_Moderate_R4_PE-13(3) FedRAMP Moderate PE-13 (3) Automatic Fire Suppression FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-14 FedRAMP_Moderate_R4_PE-14 FedRAMP Moderate PE-14 Temperature And Humidity Controls FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_Moderate_R4 PE-14(2) FedRAMP_Moderate_R4_PE-14(2) FedRAMP Moderate PE-14 (2) Monitoring With Alarms / Notifications FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-14(2) FedRAMP_Moderate_R4_PE-14(2) FedRAMP Moderate PE-14 (2) Monitoring With Alarms / Notifications FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-15 FedRAMP_Moderate_R4_PE-15 FedRAMP Moderate PE-15 Water Damage Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance FedRAMP_Moderate_R4 PE-16 FedRAMP_Moderate_R4_PE-16 FedRAMP Moderate PE-16 Delivery And Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_Moderate_R4 PE-16 FedRAMP_Moderate_R4_PE-16 FedRAMP Moderate PE-16 Delivery And Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_Moderate_R4 PE-17 FedRAMP_Moderate_R4_PE-17 FedRAMP Moderate PE-17 Alternate Work Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-2 FedRAMP_Moderate_R4_PE-2 FedRAMP Moderate PE-2 Physical Access Authorizations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-4 FedRAMP_Moderate_R4_PE-4 FedRAMP Moderate PE-4 Access Control For Transmission Medium FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-4 FedRAMP_Moderate_R4_PE-4 FedRAMP Moderate PE-4 Access Control For Transmission Medium FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-5 FedRAMP_Moderate_R4_PE-5 FedRAMP Moderate PE-5 Access Control For Output Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_Moderate_R4 PE-5 FedRAMP_Moderate_R4_PE-5 FedRAMP Moderate PE-5 Access Control For Output Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-5 FedRAMP_Moderate_R4_PE-5 FedRAMP Moderate PE-5 Access Control For Output Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_Moderate_R4 PE-6(1) FedRAMP_Moderate_R4_PE-6(1) FedRAMP Moderate PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance FedRAMP_Moderate_R4 PE-6(1) FedRAMP_Moderate_R4_PE-6(1) FedRAMP Moderate PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-8 FedRAMP_Moderate_R4_PE-8 FedRAMP Moderate PE-8 Visitor Access Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-8 FedRAMP_Moderate_R4_PE-8 FedRAMP Moderate PE-8 Visitor Access Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-1 FedRAMP_Moderate_R4_PL-1 FedRAMP Moderate PL-1 Security Planning Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_Moderate_R4 PL-2(3) FedRAMP_Moderate_R4_PL-2(3) FedRAMP Moderate PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_Moderate_R4 PL-2(3) FedRAMP_Moderate_R4_PL-2(3) FedRAMP Moderate PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_Moderate_R4 PL-2(3) FedRAMP_Moderate_R4_PL-2(3) FedRAMP Moderate PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-4(1) FedRAMP_Moderate_R4_PL-4(1) FedRAMP Moderate PL-4 (1) Social Media And Networking Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance FedRAMP_Moderate_R4 PL-8 FedRAMP_Moderate_R4_PL-8 FedRAMP Moderate PL-8 Information Security Architecture FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance FedRAMP_Moderate_R4 PL-8 FedRAMP_Moderate_R4_PL-8 FedRAMP Moderate PL-8 Information Security Architecture FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PS-1 FedRAMP_Moderate_R4_PS-1 FedRAMP Moderate PS-1 Personnel Security Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance FedRAMP_Moderate_R4 PS-2 FedRAMP_Moderate_R4_PS-2 FedRAMP Moderate PS-2 Position Risk Designation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance FedRAMP_Moderate_R4 PS-3 FedRAMP_Moderate_R4_PS-3 FedRAMP Moderate PS-3 Personnel Screening FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance FedRAMP_Moderate_R4 PS-3 FedRAMP_Moderate_R4_PS-3 FedRAMP Moderate PS-3 Personnel Screening FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance FedRAMP_Moderate_R4 PS-3 FedRAMP_Moderate_R4_PS-3 FedRAMP Moderate PS-3 Personnel Screening FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_Moderate_R4 PS-3(3) FedRAMP_Moderate_R4_PS-3(3) FedRAMP Moderate PS-3 (3) Information With Special Protection Measures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance FedRAMP_Moderate_R4 PS-8 FedRAMP_Moderate_R4_PS-8 FedRAMP Moderate PS-8 Personnel Sanctions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance FedRAMP_Moderate_R4 PS-8 FedRAMP_Moderate_R4_PS-8 FedRAMP Moderate PS-8 Personnel Sanctions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 RA-1 FedRAMP_Moderate_R4_RA-1 FedRAMP Moderate RA-1 Risk Assessment Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(1) FedRAMP_Moderate_R4_RA-5(1) FedRAMP Moderate RA-5 (1) Update Tool Capability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(1) FedRAMP_Moderate_R4_RA-5(1) FedRAMP Moderate RA-5 (1) Update Tool Capability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(2) FedRAMP_Moderate_R4_RA-5(2) FedRAMP Moderate RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(2) FedRAMP_Moderate_R4_RA-5(2) FedRAMP Moderate RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(3) FedRAMP_Moderate_R4_RA-5(3) FedRAMP Moderate RA-5 (3) Breadth / Depth Of Coverage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(3) FedRAMP_Moderate_R4_RA-5(3) FedRAMP Moderate RA-5 (3) Breadth / Depth Of Coverage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance FedRAMP_Moderate_R4 RA-5(5) FedRAMP_Moderate_R4_RA-5(5) FedRAMP Moderate RA-5 (5) Privileged Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 SA-1 FedRAMP_Moderate_R4_SA-1 FedRAMP Moderate SA-1 System And Services Acquisition Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SA-10(1) FedRAMP_Moderate_R4_SA-10(1) FedRAMP Moderate SA-10 (1) Software / Firmware Integrity Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SA-11 FedRAMP_Moderate_R4_SA-11 FedRAMP Moderate SA-11 Developer Security Testing And Evaluation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SA-11 FedRAMP_Moderate_R4_SA-11 FedRAMP Moderate SA-11 Developer Security Testing And Evaluation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance FedRAMP_Moderate_R4 SA-11 FedRAMP_Moderate_R4_SA-11 FedRAMP Moderate SA-11 Developer Security Testing And Evaluation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance FedRAMP_Moderate_R4 SA-3 FedRAMP_Moderate_R4_SA-3 FedRAMP Moderate SA-3 System Development Life Cycle FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance FedRAMP_Moderate_R4 SA-3 FedRAMP_Moderate_R4_SA-3 FedRAMP Moderate SA-3 System Development Life Cycle FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance FedRAMP_Moderate_R4 SA-3 FedRAMP_Moderate_R4_SA-3 FedRAMP Moderate SA-3 System Development Life Cycle FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance FedRAMP_Moderate_R4 SA-4(1) FedRAMP_Moderate_R4_SA-4(1) FedRAMP Moderate SA-4 (1) Functional Properties Of Security Controls FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance FedRAMP_Moderate_R4 SA-4(10) FedRAMP_Moderate_R4_SA-4(10) FedRAMP Moderate SA-4 (10) Use Of Approved Piv Products FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance FedRAMP_Moderate_R4 SA-4(2) FedRAMP_Moderate_R4_SA-4(2) FedRAMP Moderate SA-4 (2) Design / Implementation Information For Security Controls FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance FedRAMP_Moderate_R4 SA-4(8) FedRAMP_Moderate_R4_SA-4(8) FedRAMP Moderate SA-4 (8) Continuous Monitoring Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance FedRAMP_Moderate_R4 SA-4(9) FedRAMP_Moderate_R4_SA-4(9) FedRAMP Moderate SA-4 (9) Functions / Ports / Protocols / Services In Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FedRAMP_Moderate_R4 SA-9(1) FedRAMP_Moderate_R4_SA-9(1) FedRAMP Moderate SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance FedRAMP_Moderate_R4 SA-9(1) FedRAMP_Moderate_R4_SA-9(1) FedRAMP Moderate SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance FedRAMP_Moderate_R4 SA-9(2) FedRAMP_Moderate_R4_SA-9(2) FedRAMP Moderate SA-9 (2) Identification Of Functions / Ports / Protocols / Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance FedRAMP_Moderate_R4 SA-9(4) FedRAMP_Moderate_R4_SA-9(4) FedRAMP Moderate SA-9 (4) Consistent Interests Of Consumers And Providers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance FedRAMP_Moderate_R4 SA-9(5) FedRAMP_Moderate_R4_SA-9(5) FedRAMP Moderate SA-9 (5) Processing, Storage, And Service Location FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 SC-1 FedRAMP_Moderate_R4_SC-1 FedRAMP Moderate SC-1 System And Communications Protection Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance FedRAMP_Moderate_R4 SC-10 FedRAMP_Moderate_R4_SC-10 FedRAMP Moderate SC-10 Network Disconnect FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12(2) FedRAMP_Moderate_R4_SC-12(2) FedRAMP Moderate SC-12 (2) Symmetric Keys FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12(3) FedRAMP_Moderate_R4_SC-12(3) FedRAMP Moderate SC-12 (3) Asymmetric Keys FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_Moderate_R4 SC-13 FedRAMP_Moderate_R4_SC-13 FedRAMP Moderate SC-13 Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance FedRAMP_Moderate_R4 SC-15 FedRAMP_Moderate_R4_SC-15 FedRAMP Moderate SC-15 Collaborative Computing Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance FedRAMP_Moderate_R4 SC-15 FedRAMP_Moderate_R4_SC-15 FedRAMP Moderate SC-15 Collaborative Computing Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-17 FedRAMP_Moderate_R4_SC-17 FedRAMP Moderate SC-17 Public Key Infrastructure Certificates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance FedRAMP_Moderate_R4 SC-18 FedRAMP_Moderate_R4_SC-18 FedRAMP Moderate SC-18 Mobile Code FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FedRAMP_Moderate_R4 SC-18 FedRAMP_Moderate_R4_SC-18 FedRAMP Moderate SC-18 Mobile Code FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance FedRAMP_Moderate_R4 SC-18 FedRAMP_Moderate_R4_SC-18 FedRAMP Moderate SC-18 Mobile Code FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance FedRAMP_Moderate_R4 SC-19 FedRAMP_Moderate_R4_SC-19 FedRAMP Moderate SC-19 Voice Over Internet Protocol FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_Moderate_R4 SC-19 FedRAMP_Moderate_R4_SC-19 FedRAMP Moderate SC-19 Voice Over Internet Protocol FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance FedRAMP_Moderate_R4 SC-2 FedRAMP_Moderate_R4_SC-2 FedRAMP Moderate SC-2 Application Partitioning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance FedRAMP_Moderate_R4 SC-2 FedRAMP_Moderate_R4_SC-2 FedRAMP Moderate SC-2 Application Partitioning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_Moderate_R4 SC-2 FedRAMP_Moderate_R4_SC-2 FedRAMP Moderate SC-2 Application Partitioning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_Moderate_R4 SC-20 FedRAMP_Moderate_R4_SC-20 FedRAMP Moderate SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance FedRAMP_Moderate_R4 SC-20 FedRAMP_Moderate_R4_SC-20 FedRAMP Moderate SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_Moderate_R4 SC-21 FedRAMP_Moderate_R4_SC-21 FedRAMP Moderate SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SC-21 FedRAMP_Moderate_R4_SC-21 FedRAMP Moderate SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_Moderate_R4 SC-22 FedRAMP_Moderate_R4_SC-22 FedRAMP Moderate SC-22 Architecture And Provisioning For Name/Address Resolution Service FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-23 FedRAMP_Moderate_R4_SC-23 FedRAMP Moderate SC-23 Session Authenticity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance FedRAMP_Moderate_R4 SC-23 FedRAMP_Moderate_R4_SC-23 FedRAMP Moderate SC-23 Session Authenticity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance FedRAMP_Moderate_R4 SC-39 FedRAMP_Moderate_R4_SC-39 FedRAMP Moderate SC-39 Process Isolation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance FedRAMP_Moderate_R4 SC-6 FedRAMP_Moderate_R4_SC-6 FedRAMP Moderate SC-6 Resource Availability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_Moderate_R4 SC-6 FedRAMP_Moderate_R4_SC-6 FedRAMP Moderate SC-6 Resource Availability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_Moderate_R4 SC-6 FedRAMP_Moderate_R4_SC-6 FedRAMP Moderate SC-6 Resource Availability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7(12) FedRAMP_Moderate_R4_SC-7(12) FedRAMP Moderate SC-7 (12) Host-Based Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance FedRAMP_Moderate_R4 SC-7(13) FedRAMP_Moderate_R4_SC-7(13) FedRAMP Moderate SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance FedRAMP_Moderate_R4 SC-7(18) FedRAMP_Moderate_R4_SC-7(18) FedRAMP Moderate SC-7 (18) Fail Secure FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7(18) FedRAMP_Moderate_R4_SC-7(18) FedRAMP Moderate SC-7 (18) Fail Secure FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance FedRAMP_Moderate_R4 SC-7(4) FedRAMP_Moderate_R4_SC-7(4) FedRAMP Moderate SC-7 (4) External Telecommunications Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7(4) FedRAMP_Moderate_R4_SC-7(4) FedRAMP Moderate SC-7 (4) External Telecommunications Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance FedRAMP_Moderate_R4 SC-7(4) FedRAMP_Moderate_R4_SC-7(4) FedRAMP Moderate SC-7 (4) External Telecommunications Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance FedRAMP_Moderate_R4 SC-7(7) FedRAMP_Moderate_R4_SC-7(7) FedRAMP Moderate SC-7 (7) Prevent Split Tunneling For Remote Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance FedRAMP_Moderate_R4 SC-7(8) FedRAMP_Moderate_R4_SC-7(8) FedRAMP Moderate SC-7 (8) Route Traffic To Authenticated Proxy Servers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 SI-1 FedRAMP_Moderate_R4_SI-1 FedRAMP Moderate SI-1 System And Information Integrity Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance FedRAMP_Moderate_R4 SI-10 FedRAMP_Moderate_R4_SI-10 FedRAMP Moderate SI-10 Information Input Validation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance FedRAMP_Moderate_R4 SI-11 FedRAMP_Moderate_R4_SI-11 FedRAMP Moderate SI-11 Error Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance FedRAMP_Moderate_R4 SI-11 FedRAMP_Moderate_R4_SI-11 FedRAMP Moderate SI-11 Error Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_Moderate_R4 SI-12 FedRAMP_Moderate_R4_SI-12 FedRAMP Moderate SI-12 Information Handling And Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_Moderate_R4 SI-12 FedRAMP_Moderate_R4_SI-12 FedRAMP Moderate SI-12 Information Handling And Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 SI-12 FedRAMP_Moderate_R4_SI-12 FedRAMP Moderate SI-12 Information Handling And Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-16 FedRAMP_Moderate_R4_SI-16 FedRAMP Moderate SI-16 Memory Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_Moderate_R4 SI-16 FedRAMP_Moderate_R4_SI-16 FedRAMP Moderate SI-16 Memory Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance FedRAMP_Moderate_R4 SI-2(2) FedRAMP_Moderate_R4_SI-2(2) FedRAMP Moderate SI-2 (2) Automated Flaw Remediation Status FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SI-2(2) FedRAMP_Moderate_R4_SI-2(2) FedRAMP Moderate SI-2 (2) Automated Flaw Remediation Status FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance FedRAMP_Moderate_R4 SI-2(3) FedRAMP_Moderate_R4_SI-2(3) FedRAMP Moderate SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance FedRAMP_Moderate_R4 SI-2(3) FedRAMP_Moderate_R4_SI-2(3) FedRAMP Moderate SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance FedRAMP_Moderate_R4 SI-4(14) FedRAMP_Moderate_R4_SI-4(14) FedRAMP Moderate SI-4 (14) Wireless Intrusion Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_Moderate_R4 SI-4(2) FedRAMP_Moderate_R4_SI-4(2) FedRAMP Moderate SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_Moderate_R4 SI-4(2) FedRAMP_Moderate_R4_SI-4(2) FedRAMP Moderate SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System-Generated Alerts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System-Generated Alerts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System-Generated Alerts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SI-7 FedRAMP_Moderate_R4_SI-7 FedRAMP Moderate SI-7 Software, Firmware, And Information Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_Moderate_R4 SI-7(1) FedRAMP_Moderate_R4_SI-7(1) FedRAMP Moderate SI-7 (1) Integrity Checks FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SI-7(1) FedRAMP_Moderate_R4_SI-7(1) FedRAMP Moderate SI-7 (1) Integrity Checks FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center FFIEC_CAT_2017 1.2.2 FFIEC_CAT_2017_1.2.2 FFIEC CAT 2017 1.2.2 Risk Assessment FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FFIEC_CAT_2017 1.2.3 FFIEC_CAT_2017_1.2.3 FFIEC CAT 2017 1.2.3 Audit FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FFIEC_CAT_2017 2.1.1 FFIEC_CAT_2017_2.1.1 FFIEC CAT 2017 2.1.1 Threat Intelligence and Information FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration FFIEC_CAT_2017 2.2.1 FFIEC_CAT_2017_2.2.1 FFIEC CAT 2017 2.2.1 Monitoring and Analyzing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FFIEC_CAT_2017 3.1.1 FFIEC_CAT_2017_3.1.1 FFIEC CAT 2017 3.1.1 Infrastructure Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring FFIEC_CAT_2017 3.1.2 FFIEC_CAT_2017_3.1.2 FFIEC CAT 2017 3.1.2 Access and Data Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring FFIEC_CAT_2017 3.2.2 FFIEC_CAT_2017_3.2.2 FFIEC CAT 2017 3.2.2 Anomalous Activity Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FFIEC_CAT_2017 3.2.3 FFIEC_CAT_2017_3.2.3 FFIEC CAT 2017 3.2.3 Event Detection FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager FFIEC_CAT_2017 3.3.1 FFIEC_CAT_2017_3.3.1 FFIEC CAT 2017 3.3.1 Patch Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FFIEC_CAT_2017 3.3.1 FFIEC_CAT_2017_3.3.1 FFIEC CAT 2017 3.3.1 Patch Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center FFIEC_CAT_2017 3.3.1 FFIEC_CAT_2017_3.3.1 FFIEC CAT 2017 3.3.1 Patch Management FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute FFIEC_CAT_2017 4.1.1 FFIEC_CAT_2017_4.1.1 FFIEC CAT 2017 4.1.1 Connections FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FFIEC_CAT_2017 5.1.1 FFIEC_CAT_2017_5.1.1 FFIEC CAT 2017 5.1.1 Planning FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FFIEC_CAT_2017 5.1.2 FFIEC_CAT_2017_5.1.2 FFIEC CAT 2017 5.1.2 Testing FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FFIEC_CAT_2017 5.3.1 FFIEC_CAT_2017_5.3.1 FFIEC CAT 2017 5.3.1 Escalation and Reporting FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FFIEC_CAT_2017 5.3.1 FFIEC_CAT_2017_5.3.1 FFIEC CAT 2017 5.3.1 Escalation and Reporting FFIEC CAT 2017 (1d5dbdd5-6f93-43ce-a939-b19df3753cf7)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0102.00a2Organizational.123-00.a hipaa-0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0102.00a2Organizational.123-00.a hipaa-0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 0102.00a2Organizational.123-00.a hipaa-0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0103.00a3Organizational.1234567-00.a hipaa-0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0103.00a3Organizational.1234567-00.a hipaa-0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0103.00a3Organizational.1234567-00.a hipaa-0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0107.02d1Organizational.1-02.d hipaa-0107.02d1Organizational.1-02.d 0107.02d1Organizational.1-02.d 0107.02d1Organizational.1-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c3b3cc61-9c70-5d78-7f12-1aefcc477db7 Review security testing, training, and monitoring plans Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21832235-7a07-61f4-530d-d596f76e5b95 Implement security testing, training, and monitoring plans Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0110.02d2Organizational.1-02.d hipaa-0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0110.02d2Organizational.1-02.d hipaa-0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 01111.05a2Organizational.5-05.a hipaa-01111.05a2Organizational.5-05.a 01111.05a2Organizational.5-05.a 01111.05a2Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0117.05a1Organizational.1-05.a hipaa-0117.05a1Organizational.1-05.a 0117.05a1Organizational.1-05.a 0117.05a1Organizational.1-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance hipaa 0123.05a2Organizational.4-05.a hipaa-0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0123.05a2Organizational.4-05.a hipaa-0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0124.05a3Organizational.1-05.a hipaa-0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 0124.05a3Organizational.1-05.a hipaa-0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance hipaa 0137.02a1Organizational.3-02.a hipaa-0137.02a1Organizational.3-02.a 0137.02a1Organizational.3-02.a 0137.02a1Organizational.3-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance hipaa 0165.05a3Organizational.3-05.a hipaa-0165.05a3Organizational.3-05.a 0165.05a3Organizational.3-05.a 0165.05a3Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0178.05h1Organizational.3-05.h hipaa-0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0178.05h1Organizational.3-05.h hipaa-0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0178.05h1Organizational.3-05.h hipaa-0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process Regulatory Compliance hipaa 0179.05h1Organizational.4-05.h hipaa-0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0179.05h1Organizational.4-05.h hipaa-0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 0179.05h1Organizational.4-05.h hipaa-0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0180.05h2Organizational.1-05.h hipaa-0180.05h2Organizational.1-05.h 0180.05h2Organizational.1-05.h 0180.05h2Organizational.1-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0307.09q2Organizational.12-09.q hipaa-0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0307.09q2Organizational.12-09.q hipaa-0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0308.09q3Organizational.1-09.q hipaa-0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0308.09q3Organizational.1-09.q hipaa-0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0308.09q3Organizational.1-09.q hipaa-0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0405.01y1Organizational.12345678-01.y hipaa-0405.01y1Organizational.12345678-01.y 0405.01y1Organizational.12345678-01.y 0405.01y1Organizational.12345678-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0407.01y2Organizational.1-01.y hipaa-0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 0407.01y2Organizational.1-01.y hipaa-0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0409.01y3Organizational.3-01.y hipaa-0409.01y3Organizational.3-01.y 0409.01y3Organizational.3-01.y 0409.01y3Organizational.3-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0410.01x1System.12-01.xMobileComputingandCommunications hipaa-0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0410.01x1System.12-01.xMobileComputingandCommunications hipaa-0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0417.01y3Organizational.5-01.y hipaa-0417.01y3Organizational.5-01.y 0417.01y3Organizational.5-01.y 0417.01y3Organizational.5-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0425.01x1System.13-01.x hipaa-0425.01x1System.13-01.x 0425.01x1System.13-01.x 0425.01x1System.13-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0613.06h1Organizational.12-06.h hipaa-0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0613.06h1Organizational.12-06.h hipaa-0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0615.06h2Organizational.3-06.h hipaa-0615.06h2Organizational.3-06.h 0615.06h2Organizational.3-06.h 0615.06h2Organizational.3-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 0626.10h1System.3-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 0626.10h1System.3-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 0626.10h1System.3-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0662.09sCSPOrganizational.2-09.s hipaa-0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service hipaa 0662.09sCSPOrganizational.2-09.s hipaa-0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0662.09sCSPOrganizational.2-09.s hipaa-0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 0670.10hCSPSystem.2-10.h hipaa-0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 0670.10hCSPSystem.2-10.h hipaa-0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 0670.10hCSPSystem.2-10.h hipaa-0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0702.07a1Organizational.3-07.a hipaa-0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0702.07a1Organizational.3-07.a hipaa-0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0703.07a2Organizational.1-07.a hipaa-0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0703.07a2Organizational.1-07.a hipaa-0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0703.07a2Organizational.1-07.a hipaa-0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0704.07a3Organizational.12-07.a hipaa-0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0704.07a3Organizational.12-07.a hipaa-0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0704.07a3Organizational.12-07.a hipaa-0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0705.07a3Organizational.3-07.a hipaa-0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0705.07a3Organizational.3-07.a hipaa-0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 0705.07a3Organizational.3-07.a hipaa-0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 0708.10b2System.2-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 0708.10b2System.2-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 0708.10b2System.2-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0712.10m2Organizational.4-10.m hipaa-0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance hipaa 0712.10m2Organizational.4-10.m hipaa-0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0717.10m3Organizational.2-10.m hipaa-0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0717.10m3Organizational.2-10.m hipaa-0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL hipaa 0719.10m3Organizational.5-10.m hipaa-0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0719.10m3Organizational.5-10.m hipaa-0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0719.10m3Organizational.5-10.m hipaa-0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0720.07a1Organizational.4-07.a hipaa-0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0720.07a1Organizational.4-07.a hipaa-0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 0723.07a1Organizational.8-07.a hipaa-0723.07a1Organizational.8-07.a 0723.07a1Organizational.8-07.a 0723.07a1Organizational.8-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0725.07a3Organizational.5-07.a hipaa-0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0725.07a3Organizational.5-07.a hipaa-0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0725.07a3Organizational.5-07.a hipaa-0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance hipaa 0733.10b2System.4-10.b hipaa-0733.10b2System.4-10.b 0733.10b2System.4-10.b 0733.10b2System.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0733.10b2System.4-10.b hipaa-0733.10b2System.4-10.b 0733.10b2System.4-10.b 0733.10b2System.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0786.10m2Organizational.13-10.m hipaa-0786.10m2Organizational.13-10.m 0786.10m2Organizational.13-10.m 0786.10m2Organizational.13-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance hipaa 0788.10m3Organizational.20-10.m hipaa-0788.10m3Organizational.20-10.m 0788.10m3Organizational.20-10.m 0788.10m3Organizational.20-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0808.10b2System.3-10.b hipaa-0808.10b2System.3-10.b 0808.10b2System.3-10.b 0808.10b2System.3-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0808.10b2System.3-10.b hipaa-0808.10b2System.3-10.b 0808.10b2System.3-10.b 0808.10b2System.3-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 08102.09nCSPOrganizational.1-09.n hipaa-08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 08102.09nCSPOrganizational.1-09.n hipaa-08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0819.09m1Organizational.23-09.m hipaa-0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0819.09m1Organizational.23-09.m hipaa-0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0826.09m3Organizational.45-09.m hipaa-0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0826.09m3Organizational.45-09.m hipaa-0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0826.09m3Organizational.45-09.m hipaa-0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance hipaa 0828.09m3Organizational.8-09.m hipaa-0828.09m3Organizational.8-09.m 0828.09m3Organizational.8-09.m 0828.09m3Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0829.09m3Organizational.911-09.m hipaa-0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0829.09m3Organizational.911-09.m hipaa-0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0832.09m3Organizational.14-09.m hipaa-0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0832.09m3Organizational.14-09.m hipaa-0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0832.09m3Organizational.14-09.m hipaa-0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0850.01o1Organizational.12-01.o hipaa-0850.01o1Organizational.12-01.o 0850.01o1Organizational.12-01.o 0850.01o1Organizational.12-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups Monitoring hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0867.09m3Organizational.17-09.m hipaa-0867.09m3Organizational.17-09.m 0867.09m3Organizational.17 - 09.m Wireless access points are placed in secure areas and shut down when not in use (e.g. nights, weekends). HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0885.09n2Organizational.3-09.n hipaa-0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0885.09n2Organizational.3-09.n hipaa-0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring hipaa 0885.09n2Organizational.3-09.n hipaa-0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network hipaa 0886.09n2Organizational.4-09.n hipaa-0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance hipaa 0886.09n2Organizational.4-09.n hipaa-0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance hipaa 0887.09n2Organizational.5-09.n hipaa-0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring hipaa 0887.09n2Organizational.5-09.n hipaa-0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0887.09n2Organizational.5-09.n hipaa-0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0903.10f1Organizational.1-10.f hipaa-0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0903.10f1Organizational.1-10.f hipaa-0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0903.10f1Organizational.1-10.f hipaa-0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII Regulatory Compliance hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0946.09y2Organizational.14-09.y hipaa-0946.09y2Organizational.14-09.y 0946.09y2Organizational.14 - 09.y The organization requires the use of encryption between, and the use of electronic signatures by, each of the parties involved in the transaction. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0960.09sCSPOrganizational.1-09.s hipaa-0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0960.09sCSPOrganizational.1-09.s hipaa-0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 099.09m2Organizational.11-09.m hipaa-099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 099.09m2Organizational.11-09.m hipaa-099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 099.09m2Organizational.11-09.m hipaa-099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance hipaa 1002.01d1System.1-01.d hipaa-1002.01d1System.1-01.d 1002.01d1System.1-01.d 1002.01d1System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 1002.01d1System.1-01.d hipaa-1002.01d1System.1-01.d 1002.01d1System.1-01.d 1002.01d1System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1003.01d1System.3-01.d hipaa-1003.01d1System.3-01.d 1003.01d1System.3-01.d 1003.01d1System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1003.01d1System.3-01.d hipaa-1003.01d1System.3-01.d 1003.01d1System.3-01.d 1003.01d1System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1003.01d1System.3-01.d hipaa-1003.01d1System.3-01.d 1003.01d1System.3-01.d 1003.01d1System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 1007.01d2System.2-01.d hipaa-1007.01d2System.2-01.d 1007.01d2System.2-01.d 1007.01d2System.2-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1111.01b2System.1-01.b hipaa-1111.01b2System.1-01.b 1111.01b2System.1-01.b 1111.01b2System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1111.01b2System.1-01.b hipaa-1111.01b2System.1-01.b 1111.01b2System.1-01.b 1111.01b2System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 11112.01q2Organizational.67-01.q hipaa-11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance hipaa 11112.01q2Organizational.67-01.q hipaa-11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 11112.01q2Organizational.67-01.q hipaa-11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance hipaa 11126.01t1Organizational.12-01.t hipaa-11126.01t1Organizational.12-01.t 11126.01t1Organizational.12-01.t 11126.01t1Organizational.12-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance hipaa 1114.01h1Organizational.123-01.h hipaa-1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 01.03 User Responsibilities HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance hipaa 1114.01h1Organizational.123-01.h hipaa-1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 01.03 User Responsibilities HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring hipaa 1120.09ab3System.9-09.ab hipaa-1120.09ab3System.9-09.ab 1120.09ab3System.9-09.ab 1120.09ab3System.9-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center hipaa 11208.01q1Organizational.8-01.q hipaa-11208.01q1Organizational.8-01.q 11208.01q1Organizational.8 - 01.q The organization requires that electronic signatures, unique to one individual, cannot be reused by, or reassigned to, anyone else. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration hipaa 11210.01q2Organizational.10-01.q hipaa-11210.01q2Organizational.10-01.q 11210.01q2Organizational.10 - 01.q Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration hipaa 11211.01q2Organizational.11-01.q hipaa-11211.01q2Organizational.11-01.q 11211.01q2Organizational.11 - 01.q Signed electronic records shall contain information associated with the signing in human-readable format. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1124.01q1System.34-01.q hipaa-1124.01q1System.34-01.q 1124.01q1System.34-01.q 1124.01q1System.34-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1124.01q1System.34-01.q hipaa-1124.01q1System.34-01.q 1124.01q1System.34-01.q 1124.01q1System.34-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration hipaa 1127.01q2System.3-01.q hipaa-1127.01q2System.3-01.q 1127.01q2System.3-01.q 1127.01q2System.3-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance hipaa 1127.01q2System.3-01.q hipaa-1127.01q2System.3-01.q 1127.01q2System.3-01.q 1127.01q2System.3-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1128.01q2System.5-01.q hipaa-1128.01q2System.5-01.q 1128.01q2System.5-01.q 1128.01q2System.5-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1128.01q2System.5-01.q hipaa-1128.01q2System.5-01.q 1128.01q2System.5-01.q 1128.01q2System.5-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1128.01q2System.5-01.q hipaa-1128.01q2System.5-01.q 1128.01q2System.5-01.q 1128.01q2System.5-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1132.01v2System.3-01.v hipaa-1132.01v2System.3-01.v 1132.01v2System.3-01.v 1132.01v2System.3-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1132.01v2System.3-01.v hipaa-1132.01v2System.3-01.v 1132.01v2System.3-01.v 1132.01v2System.3-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance hipaa 1133.01v2System.4-01.v hipaa-1133.01v2System.4-01.v 1133.01v2System.4-01.v 1133.01v2System.4-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance hipaa 1134.01v3System.1-01.v hipaa-1134.01v3System.1-01.v 1134.01v3System.1-01.v 1134.01v3System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1134.01v3System.1-01.v hipaa-1134.01v3System.1-01.v 1134.01v3System.1-01.v 1134.01v3System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1134.01v3System.1-01.v hipaa-1134.01v3System.1-01.v 1134.01v3System.1-01.v 1134.01v3System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center hipaa 1149.01c2System.9-01.c hipaa-1149.01c2System.9-01.c 1149.01c2System.9 - 01.c The organization facilitates information sharing by enabling authorized users to determine a business partner's access when discretion is allowed as defined by the organization and by employing manual processes or automated mechanisms to assist users in making information sharing/collaboration decisions. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1153.01c3System.35-01.c hipaa-1153.01c3System.35-01.c 1153.01c3System.35-01.c 1153.01c3System.35-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center hipaa 1153.01c3System.35-01.c hipaa-1153.01c3System.35-01.c 1153.01c3System.35-01.c 1153.01c3System.35-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 1154.01c3System.4-01.c hipaa-1154.01c3System.4-01.c 1154.01c3System.4 - 01.c Contractors are provided with minimal system and physical access only after the organization assesses the contractor's ability to comply with its security requirements and the contractor agrees to comply. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance hipaa 1167.01e2System.1-01.e hipaa-1167.01e2System.1-01.e 1167.01e2System.1-01.e 1167.01e2System.1-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance hipaa 1167.01e2System.1-01.e hipaa-1167.01e2System.1-01.e 1167.01e2System.1-01.e 1167.01e2System.1-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service hipaa 1194.01l2Organizational.2-01.l hipaa-1194.01l2Organizational.2-01.l 1194.01l2Organizational.2-01.l 1194.01l2Organizational.2-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service hipaa 1195.01l3Organizational.1-01.l hipaa-1195.01l3Organizational.1-01.l 1195.01l3Organizational.1-01.l 1195.01l3Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps hipaa 1203.09aa1System.2-09.aa hipaa-1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1203.09aa1System.2-09.aa hipaa-1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1203.09aa1System.2-09.aa hipaa-1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service hipaa 1209.09aa3System.2-09.aa hipaa-1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1209.09aa3System.2-09.aa hipaa-1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1209.09aa3System.2-09.aa hipaa-1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1213.09ab2System.128-09.ab hipaa-1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1213.09ab2System.128-09.ab hipaa-1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1231.09c2Organizational.23-09.c hipaa-1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1231.09c2Organizational.23-09.c hipaa-1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1231.09c2Organizational.23-09.c hipaa-1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1233.09c3Organizational.3-09.c hipaa-1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1233.09c3Organizational.3-09.c hipaa-1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1233.09c3Organizational.3-09.c hipaa-1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1278.09c2Organizational.56-09.c hipaa-1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1278.09c2Organizational.56-09.c hipaa-1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1278.09c2Organizational.56-09.c hipaa-1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1279.09c3Organizational.4-09.c hipaa-1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1279.09c3Organizational.4-09.c hipaa-1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1279.09c3Organizational.4-09.c hipaa-1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance hipaa 1305.02e3Organizational.23-02.e hipaa-1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance hipaa 1305.02e3Organizational.23-02.e hipaa-1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1305.02e3Organizational.23-02.e hipaa-1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1311.12c2Organizational.3-12.c hipaa-1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1311.12c2Organizational.3-12.c hipaa-1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance hipaa 1311.12c2Organizational.3-12.c hipaa-1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1313.02e1Organizational.3-02.e hipaa-1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1313.02e1Organizational.3-02.e hipaa-1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1313.02e1Organizational.3-02.e hipaa-1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 1401.05i1Organizational.1239-05.i hipaa-1401.05i1Organizational.1239-05.i 1401.05i1Organizational.1239 - 05.i Access to the organizations information and systems by external parties is not permitted until due diligence has been conducted, the appropriate controls have been implemented, and a contract/agreement reflecting the security requirements is signed acknowledging they understand and accept their obligations. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 1402.05i1Organizational.45-05.i hipaa-1402.05i1Organizational.45-05.i 1402.05i1Organizational.45 - 05.i Remote access connections between the organization and external parties are encrypted. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 1403.05i1Organizational.67-05.i hipaa-1403.05i1Organizational.67-05.i 1403.05i1Organizational.67 - 05.i Access granted to external parties is limited to the minimum necessary and granted only for the duration required. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance hipaa 1404.05i2Organizational.1-05.i hipaa-1404.05i2Organizational.1-05.i 1404.05i2Organizational.1-05.i 1404.05i2Organizational.1-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 1418.05i1Organizational.8-05.i hipaa-1418.05i1Organizational.8-05.i 1418.05i1Organizational.8 - 05.i The identification of risks related to external party access takes into account a minimal set of specifically defined issues. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1452.05kCSPOrganizational.1-05.k hipaa-1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1452.05kCSPOrganizational.1-05.k hipaa-1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1452.05kCSPOrganizational.1-05.k hipaa-1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance hipaa 1518.11c2Organizational.13-11.c hipaa-1518.11c2Organizational.13-11.c 1518.11c2Organizational.13-11.c 1518.11c2Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1577.11aCSPOrganizational.1-11.a hipaa-1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1577.11aCSPOrganizational.1-11.a hipaa-1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1601.12c1Organizational.1238-12.c hipaa-1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1601.12c1Organizational.1238-12.c hipaa-1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance hipaa 1601.12c1Organizational.1238-12.c hipaa-1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1607.12c2Organizational.4-12.c hipaa-1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1607.12c2Organizational.4-12.c hipaa-1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1608.12c2Organizational.5-12.c hipaa-1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance hipaa 1608.12c2Organizational.5-12.c hipaa-1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1608.12c2Organizational.5-12.c hipaa-1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance hipaa 1609.12c3Organizational.12-12.c hipaa-1609.12c3Organizational.12-12.c 1609.12c3Organizational.12-12.c 1609.12c3Organizational.12-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL hipaa 1616.09l1Organizational.16-09.l hipaa-1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1616.09l1Organizational.16-09.l hipaa-1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL hipaa 1617.09l1Organizational.23-09.l hipaa-1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1617.09l1Organizational.23-09.l hipaa-1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1617.09l1Organizational.23-09.l hipaa-1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL hipaa 1619.09l1Organizational.7-09.l hipaa-1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance hipaa 1619.09l1Organizational.7-09.l hipaa-1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 1621.09l2Organizational.1-09.l hipaa-1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL hipaa 1621.09l2Organizational.1-09.l hipaa-1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 1621.09l2Organizational.1-09.l hipaa-1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL hipaa 1623.09l2Organizational.4-09.l hipaa-1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1623.09l2Organizational.4-09.l hipaa-1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1623.09l2Organizational.4-09.l hipaa-1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1624.09l3Organizational.12-09.l hipaa-1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1624.09l3Organizational.12-09.l hipaa-1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL hipaa 1624.09l3Organizational.12-09.l hipaa-1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1625.09l3Organizational.34-09.l hipaa-1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup hipaa 1625.09l3Organizational.34-09.l hipaa-1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1626.09l3Organizational.5-09.l hipaa-1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL hipaa 1626.09l3Organizational.5-09.l hipaa-1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1627.09l3Organizational.6-09.l hipaa-1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL hipaa 1627.09l3Organizational.6-09.l hipaa-1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance hipaa 1636.12b2Organizational.1-12.b hipaa-1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1636.12b2Organizational.1-12.b hipaa-1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1636.12b2Organizational.1-12.b hipaa-1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1670.12d2Organizational.1-12.d hipaa-1670.12d2Organizational.1-12.d 1670.12d2Organizational.1-12.d 1670.12d2Organizational.1-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance hipaa 1671.12d2Organizational.2-12.d hipaa-1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1671.12d2Organizational.2-12.d hipaa-1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1671.12d2Organizational.2-12.d hipaa-1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup hipaa 1699.09l1Organizational.10-09.l hipaa-1699.09l1Organizational.10-09.l 1699.09l1Organizational.10 - 09.l Workforce members roles and responsibilities in the data backup process are identified and communicated to the workforce; in particular, Bring Your Own Device (BYOD) users are required to perform backups of organizational and/or client data on their devices. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1704.03b1Organizational.12-03.b hipaa-1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1704.03b1Organizational.12-03.b hipaa-1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1705.03b2Organizational.12-03.b hipaa-1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1705.03b2Organizational.12-03.b hipaa-1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 1707.03c1Organizational.12-03.c hipaa-1707.03c1Organizational.12-03.c 1707.03c1Organizational.12-03.c 1707.03c1Organizational.12-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 1708.03c2Organizational.12-03.c hipaa-1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 1708.03c2Organizational.12-03.c hipaa-1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 17126.03c1System.6-03.c hipaa-17126.03c1System.6-03.c 17126.03c1System.6-03.c 17126.03c1System.6-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance hipaa 17126.03c1System.6-03.c hipaa-17126.03c1System.6-03.c 17126.03c1System.6-03.c 17126.03c1System.6-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 17126.03c1System.6-03.c hipaa-17126.03c1System.6-03.c 17126.03c1System.6-03.c 17126.03c1System.6-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1733.03d1Organizational.1-03.d hipaa-1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1733.03d1Organizational.1-03.d hipaa-1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1733.03d1Organizational.1-03.d hipaa-1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1736.03d2Organizational.4-03.d hipaa-1736.03d2Organizational.4-03.d 1736.03d2Organizational.4-03.d 1736.03d2Organizational.4-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 1780.10a1Organizational.1-10.a hipaa-1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1780.10a1Organizational.1-10.a hipaa-1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance hipaa 1780.10a1Organizational.1-10.a hipaa-1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance hipaa 1784.10a1Organizational.7-10.a hipaa-1784.10a1Organizational.7-10.a 1784.10a1Organizational.7-10.a 1784.10a1Organizational.7-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 1794.10a2Organizational.12-10.a hipaa-1794.10a2Organizational.12-10.a 1794.10a2Organizational.12-10.a 1794.10a2Organizational.12-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1801.08b1Organizational.124-08.b hipaa-1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1801.08b1Organizational.124-08.b hipaa-1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1801.08b1Organizational.124-08.b hipaa-1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1802.08b1Organizational.3-08.b hipaa-1802.08b1Organizational.3-08.b 1802.08b1Organizational.3-08.b 1802.08b1Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1804.08b2Organizational.12-08.b hipaa-1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1804.08b2Organizational.12-08.b hipaa-1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1805.08b2Organizational.3-08.b hipaa-1805.08b2Organizational.3-08.b 1805.08b2Organizational.3-08.b 1805.08b2Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1806.08b2Organizational.4-08.b hipaa-1806.08b2Organizational.4-08.b 1806.08b2Organizational.4-08.b 1806.08b2Organizational.4-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1807.08b2Organizational.56-08.b hipaa-1807.08b2Organizational.56-08.b 1807.08b2Organizational.56-08.b 1807.08b2Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1810.08b3Organizational.2-08.b hipaa-1810.08b3Organizational.2-08.b 1810.08b3Organizational.2-08.b 1810.08b3Organizational.2-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 18108.08j1Organizational.1-08.j hipaa-18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 18108.08j1Organizational.1-08.j hipaa-18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance hipaa 18111.08j1Organizational.6-08.j hipaa-18111.08j1Organizational.6-08.j 18111.08j1Organizational.6-08.j 18111.08j1Organizational.6-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 18112.08j3Organizational.4-08.j hipaa-18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 18112.08j3Organizational.4-08.j hipaa-18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 18112.08j3Organizational.4-08.j hipaa-18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 18127.08l1Organizational.3-08.l hipaa-18127.08l1Organizational.3-08.l 18127.08l1Organizational.3-08.l 18127.08l1Organizational.3-08.l 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 18130.09p1Organizational.24-09.p hipaa-18130.09p1Organizational.24-09.p 18130.09p1Organizational.24-09.p 18130.09p1Organizational.24-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1814.08d1Organizational.12-08.d hipaa-1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1814.08d1Organizational.12-08.d hipaa-1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1814.08d1Organizational.12-08.d hipaa-1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 18145.08b3Organizational.7-08.b hipaa-18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 18145.08b3Organizational.7-08.b hipaa-18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1815.08d2Organizational.123-08.d hipaa-1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1815.08d2Organizational.123-08.d hipaa-1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1815.08d2Organizational.123-08.d hipaa-1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1817.08d3Organizational.12-08.d hipaa-1817.08d3Organizational.12-08.d 1817.08d3Organizational.12-08.d 1817.08d3Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1818.08d3Organizational.3-08.d hipaa-1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1818.08d3Organizational.3-08.d hipaa-1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1818.08d3Organizational.3-08.d hipaa-1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1820.08j2Organizational.1-08.j hipaa-1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1820.08j2Organizational.1-08.j hipaa-1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1823.08j3Organizational.12-08.j hipaa-1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1823.08j3Organizational.12-08.j hipaa-1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1824.08j3Organizational.3-08.j hipaa-1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1824.08j3Organizational.3-08.j hipaa-1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1826.09p1Organizational.1-09.p hipaa-1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1826.09p1Organizational.1-09.p hipaa-1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1826.09p1Organizational.1-09.p hipaa-1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1844.08b1Organizational.6-08.b hipaa-1844.08b1Organizational.6-08.b 1844.08b1Organizational.6-08.b 1844.08b1Organizational.6-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1846.08b2Organizational.8-08.b hipaa-1846.08b2Organizational.8-08.b 1846.08b2Organizational.8-08.b 1846.08b2Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1847.08b2Organizational.910-08.b hipaa-1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1847.08b2Organizational.910-08.b hipaa-1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1848.08b2Organizational.11-08.b hipaa-1848.08b2Organizational.11-08.b 1848.08b2Organizational.11-08.b 1848.08b2Organizational.11-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1862.08d1Organizational.3-08.d hipaa-1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1862.08d1Organizational.3-08.d hipaa-1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance hipaa 1862.08d3Organizational.3 hipaa-1862.08d3Organizational.3 1862.08d3Organizational.3 1862.08d3Organizational.3 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1862.08d3Organizational.3 hipaa-1862.08d3Organizational.3 1862.08d3Organizational.3 1862.08d3Organizational.3 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1892.01l1Organizational.1 hipaa-1892.01l1Organizational.1 1892.01l1Organizational.1 1892.01l1Organizational.1 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1892.01l1Organizational.1 hipaa-1892.01l1Organizational.1 1892.01l1Organizational.1 1892.01l1Organizational.1 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
75b9db50-7906-2351-98ae-0458218609e5 Retain accounting of disclosures of information Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1904.06.d2Organizational.1-06.d hipaa-1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1904.06.d2Organizational.1-06.d hipaa-1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1904.06.d2Organizational.1-06.d hipaa-1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 01.c HITRUST_CSF_v11.3_01.c HITRUST CSF v11.3 01.c Control privileged access to information systems and services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network HITRUST_CSF_v11.3 01.i HITRUST_CSF_v11.3_01.i HITRUST CSF v11.3 01.i Implement role based access to internal and external network services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL HITRUST_CSF_v11.3 01.j HITRUST_CSF_v11.3_01.j HITRUST CSF v11.3 01.j Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration HITRUST_CSF_v11.3 01.l HITRUST_CSF_v11.3_01.l HITRUST CSF v11.3 01.l Prevent unauthorized access to networked services. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 01.m HITRUST_CSF_v11.3_01.m HITRUST CSF v11.3 01.m Ensure segregation in networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 01.n HITRUST_CSF_v11.3_01.n HITRUST CSF v11.3 01.n Prevent unauthorised access to shared networks. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 01.o HITRUST_CSF_v11.3_01.o HITRUST CSF v11.3 01.o Implement network routing controls to prevent breach of the access control policy of business applications. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 01.q HITRUST_CSF_v11.3_01.q HITRUST CSF v11.3 01.q Prevent unauthorized access to operating systems and implement authentication technique to verify user. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration HITRUST_CSF_v11.3 01.t HITRUST_CSF_v11.3_01.t HITRUST CSF v11.3 01.t Implement automatic sign-out of inactive sessions. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring HITRUST_CSF_v11.3 06.h HITRUST_CSF_v11.3_06.h HITRUST CSF v11.3 06.h Ensure compliance with security implementation standards by regular checking of information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute HITRUST_CSF_v11.3 06.h HITRUST_CSF_v11.3_06.h HITRUST CSF v11.3 06.h Ensure compliance with security implementation standards by regular checking of information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring HITRUST_CSF_v11.3 06.h HITRUST_CSF_v11.3_06.h HITRUST CSF v11.3 06.h Ensure compliance with security implementation standards by regular checking of information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring HITRUST_CSF_v11.3 06.h HITRUST_CSF_v11.3_06.h HITRUST CSF v11.3 06.h Ensure compliance with security implementation standards by regular checking of information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center HITRUST_CSF_v11.3 06.h HITRUST_CSF_v11.3_06.h HITRUST CSF v11.3 06.h Ensure compliance with security implementation standards by regular checking of information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 06.h HITRUST_CSF_v11.3_06.h HITRUST CSF v11.3 06.h Ensure compliance with security implementation standards by regular checking of information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning HITRUST_CSF_v11.3 09.aa HITRUST_CSF_v11.3_09.aa HITRUST CSF v11.3 09.aa Ensure information security events are monitored and recorded to detect unauthorized information processing activities in compliance with all relevant legal requirements. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache HITRUST_CSF_v11.3 09.ab HITRUST_CSF_v11.3_09.ab HITRUST CSF v11.3 09.ab Establish procedures for monitoring use of information processing systems and facilities to check for use and effectiveness of implemented controls. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center HITRUST_CSF_v11.3 09.ac HITRUST_CSF_v11.3_09.ac HITRUST CSF v11.3 09.ac Protect logging systems and log information against tampering and unauthorized access. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring HITRUST_CSF_v11.3 09.ac HITRUST_CSF_v11.3_09.ac HITRUST CSF v11.3 09.ac Protect logging systems and log information against tampering and unauthorized access. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 09.ac HITRUST_CSF_v11.3_09.ac HITRUST CSF v11.3 09.ac Protect logging systems and log information against tampering and unauthorized access. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 09.ac HITRUST_CSF_v11.3_09.ac HITRUST CSF v11.3 09.ac Protect logging systems and log information against tampering and unauthorized access. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring HITRUST_CSF_v11.3 09.h HITRUST_CSF_v11.3_09.h HITRUST CSF v11.3 09.h Ensure that systems meet the businesses current and projected needs to minimize failures. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network HITRUST_CSF_v11.3 09.h HITRUST_CSF_v11.3_09.h HITRUST CSF v11.3 09.h Ensure that systems meet the businesses current and projected needs to minimize failures. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 09.h HITRUST_CSF_v11.3_09.h HITRUST CSF v11.3 09.h Ensure that systems meet the businesses current and projected needs to minimize failures. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 09.h HITRUST_CSF_v11.3_09.h HITRUST CSF v11.3 09.h Ensure that systems meet the businesses current and projected needs to minimize failures. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL HITRUST_CSF_v11.3 09.j HITRUST_CSF_v11.3_09.j HITRUST CSF v11.3 09.j Ensure that integrity of information and software is protected from malicious or unauthorized code HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL HITRUST_CSF_v11.3 09.l HITRUST_CSF_v11.3_09.l HITRUST CSF v11.3 09.l Ensure the maintenance, integrity, and availability of organizational information. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL HITRUST_CSF_v11.3 09.m HITRUST_CSF_v11.3_09.m HITRUST CSF v11.3 09.m Ensure the protection of information in networks and protection of the supporting network infrastructure. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB HITRUST_CSF_v11.3 09.w HITRUST_CSF_v11.3_09.w HITRUST CSF v11.3 09.w Develop and implement policies and procedures, to protect information associated with the interconnection of business information systems. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault HITRUST_CSF_v11.3 10.c HITRUST_CSF_v11.3_10.c HITRUST CSF v11.3 10.c Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center HITRUST_CSF_v11.3 10.g HITRUST_CSF_v11.3_10.g HITRUST CSF v11.3 10.g Ensure key management's support to the organization’s use of cryptographic techniques. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration HITRUST_CSF_v11.3 10.h HITRUST_CSF_v11.3_10.h HITRUST CSF v11.3 10.h Ensure the security of system files, access to system files and program source code shall be controlled, and IT projects and support activities conducted in a secure manner. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration HITRUST_CSF_v11.3 10.h HITRUST_CSF_v11.3_10.h HITRUST CSF v11.3 10.h Ensure the security of system files, access to system files and program source code shall be controlled, and IT projects and support activities conducted in a secure manner. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center HITRUST_CSF_v11.3 10.h HITRUST_CSF_v11.3_10.h HITRUST CSF v11.3 10.h Ensure the security of system files, access to system files and program source code shall be controlled, and IT projects and support activities conducted in a secure manner. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network HITRUST_CSF_v11.3 10.j HITRUST_CSF_v11.3_10.j HITRUST CSF v11.3 10.j Ensure restriction on access to program source code. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration HITRUST_CSF_v11.3 10.k HITRUST_CSF_v11.3_10.k HITRUST CSF v11.3 10.k Ensure the security of application system software and information through the development process, project and support environments shall be strictly controlled. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration HITRUST_CSF_v11.3 10.m HITRUST_CSF_v11.3_10.m HITRUST CSF v11.3 10.m Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring HITRUST_CSF_v11.3 11.a HITRUST_CSF_v11.3_11.a HITRUST CSF v11.3 11.a Ensure information security events and weaknesses associated with information systems are handled in a manner allowing timely corrective action to be taken. HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration HITRUST_CSF_v11.3 2.1.1 HITRUST_CSF_v11.3_2.1.1 404 not found HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration HITRUST_CSF_v11.3 3.2.8 HITRUST_CSF_v11.3_3.2.8 404 not found HITRUST CSF v11.3 (e0d47b75-5d99-442a-9d60-07f2595ab095)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service IRS_1075_9.3 .1.4 IRS_1075_9.3.1.4 IRS 1075 9.3.1.4 Information Flow Enforcement (AC-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .16.15 IRS_1075_9.3.16.15 IRS 1075 9.3.16.15 Protection of Information at Rest (SC-28) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .16.15 IRS_1075_9.3.16.15 IRS 1075 9.3.16.15 Protection of Information at Rest (SC-28) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL IRS_1075_9.3 .16.15 IRS_1075_9.3.16.15 IRS 1075 9.3.16.15 Protection of Information at Rest (SC-28) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center IRS_1075_9.3 .16.4 IRS_1075_9.3.16.4 IRS 1075 9.3.16.4 Denial of Service Protection (SC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center IRS_1075_9.3 .16.5 IRS_1075_9.3.16.5 IRS 1075 9.3.16.5 Boundary Protection (SC-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage IRS_1075_9.3 .16.5 IRS_1075_9.3.16.5 IRS 1075 9.3.16.5 Boundary Protection (SC-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .3.3 IRS_1075_9.3.3.3 IRS 1075 9.3.3.3 Content of Audit Records (AU-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .3.3 IRS_1075_9.3.3.3 IRS 1075 9.3.3.3 Content of Audit Records (AU-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .3.3 IRS_1075_9.3.3.3 IRS 1075 9.3.3.3 Content of Audit Records (AU-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .3.6 IRS_1075_9.3.3.6 IRS 1075 9.3.3.6 Audit Review, Analysis, and Reporting (AU-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .3.6 IRS_1075_9.3.3.6 IRS 1075 9.3.3.6 Audit Review, Analysis, and Reporting (AU-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .3.6 IRS_1075_9.3.3.6 IRS 1075 9.3.3.6 Audit Review, Analysis, and Reporting (AU-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute IRS_1075_9.3 .6.6 IRS_1075_9.3.6.6 IRS 1075 9.3.6.6 Alternate Processing Site (CP-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center ISO_IEC_27001_2022 10.2 ISO_IEC_27001_2022_10.2 ISO IEC 27001 2022 10.2 Nonconformity and corrective action ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 6.1.2 ISO_IEC_27001_2022_6.1.2 ISO IEC 27001 2022 6.1.2 Information security risk assessment ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 6.1.3 ISO_IEC_27001_2022_6.1.3 ISO IEC 27001 2022 6.1.3 Information security risk treatment ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 6.2 ISO_IEC_27001_2022_6.2 ISO IEC 27001 2022 6.2 Information security objectives and planning to achieve them ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center ISO_IEC_27001_2022 6.3 ISO_IEC_27001_2022_6.3 ISO IEC 27001 2022 6.3 Planning of changes ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center ISO_IEC_27001_2022 6.3 ISO_IEC_27001_2022_6.3 ISO IEC 27001 2022 6.3 Planning of changes ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center ISO_IEC_27001_2022 7.5.3 ISO_IEC_27001_2022_7.5.3 ISO IEC 27001 2022 7.5.3 Control of documented information ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center ISO_IEC_27001_2022 8.1 ISO_IEC_27001_2022_8.1 ISO IEC 27001 2022 8.1 Operational planning and control ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center ISO_IEC_27001_2022 8.1 ISO_IEC_27001_2022_8.1 ISO IEC 27001 2022 8.1 Operational planning and control ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 8.2 ISO_IEC_27001_2022_8.2 ISO IEC 27001 2022 8.2 Information security risk assessment ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 8.3 ISO_IEC_27001_2022_8.3 ISO IEC 27001 2022 8.3 Information security risk treatment ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center ISO_IEC_27001_2022 9.1 ISO_IEC_27001_2022_9.1 ISO IEC 27001 2022 9.1 Monitoring, measurement, analysis and evaluation ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 9.2.2 ISO_IEC_27001_2022_9.2.2 ISO IEC 27001 2022 9.2.2 Internal Audit Programme ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center ISO_IEC_27001_2022 9.3.3 ISO_IEC_27001_2022_9.3.3 ISO IEC 27001 2022 9.3.3 Management Review Results ISO/IEC 27001 2022 (5e4ff661-23bf-42fa-8e3a-309a55091cc7)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service ISO_IEC_27002_2022 5.1 ISO_IEC_27002_2022_5.1 ISO IEC 27002 2022 5.1 Policies for information security ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB ISO_IEC_27002_2022 5.14 ISO_IEC_27002_2022_5.14 ISO IEC 27002 2022 5.14 Information transfer ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network ISO_IEC_27002_2022 5.15 ISO_IEC_27002_2022_5.15 ISO IEC 27002 2022 5.15 Access control ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration ISO_IEC_27002_2022 5.15 ISO_IEC_27002_2022_5.15 ISO IEC 27002 2022 5.15 Access control ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub ISO_IEC_27002_2022 5.15 ISO_IEC_27002_2022_5.15 ISO IEC 27002 2022 5.15 Access control ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault ISO_IEC_27002_2022 5.15 ISO_IEC_27002_2022_5.15 ISO IEC 27002 2022 5.15 Access control ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27002_2022 5.17 ISO_IEC_27002_2022_5.17 ISO IEC 27002 2022 5.17 Authentication information ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL ISO_IEC_27002_2022 5.17 ISO_IEC_27002_2022_5.17 ISO IEC 27002 2022 5.17 Authentication information ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration ISO_IEC_27002_2022 5.17 ISO_IEC_27002_2022_5.17 ISO IEC 27002 2022 5.17 Authentication information ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service ISO_IEC_27002_2022 5.17 ISO_IEC_27002_2022_5.17 ISO IEC 27002 2022 5.17 Authentication information ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault ISO_IEC_27002_2022 5.18 ISO_IEC_27002_2022_5.18 ISO IEC 27002 2022 5.18 Access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center ISO_IEC_27002_2022 5.24 ISO_IEC_27002_2022_5.24 ISO IEC 27002 2022 5.24 Information security incident management planning and preparation ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center ISO_IEC_27002_2022 5.26 ISO_IEC_27002_2022_5.26 ISO IEC 27002 2022 5.26 Response to information security incidents ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27002_2022 5.5 ISO_IEC_27002_2022_5.5 ISO IEC 27002 2022 5.5 Contact with authorities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring ISO_IEC_27002_2022 5.9 ISO_IEC_27002_2022_5.9 ISO IEC 27002 2022 5.9 Inventory of information and other associated assets ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration ISO_IEC_27002_2022 6.7 ISO_IEC_27002_2022_6.7 ISO IEC 27002 2022 6.7 Remote working ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault ISO_IEC_27002_2022 7.14 ISO_IEC_27002_2022_7.14 ISO IEC 27002 2022 7.14 Secure disposal or re-use of equipment ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Logging ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring ISO_IEC_27002_2022 8.16 ISO_IEC_27002_2022_8.16 ISO IEC 27002 2022 8.16 Monitoring activities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration ISO_IEC_27002_2022 8.19 ISO_IEC_27002_2022_8.19 ISO IEC 27002 2022 8.19 Installation of software on operational systems ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch ISO_IEC_27002_2022 8.2 ISO_IEC_27002_2022_8.2 ISO IEC 27002 2022 8.2 Privileged access rights ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center ISO_IEC_27002_2022 8.22 ISO_IEC_27002_2022_8.22 ISO IEC 27002 2022 8.22 Segregation of networks ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things ISO_IEC_27002_2022 8.24 ISO_IEC_27002_2022_8.24 ISO IEC 27002 2022 8.24 Use of cryptography ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network ISO_IEC_27002_2022 8.3 ISO_IEC_27002_2022_8.3 ISO IEC 27002 2022 8.3 Information access restriction ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration ISO_IEC_27002_2022 8.3 ISO_IEC_27002_2022_8.3 ISO IEC 27002 2022 8.3 Information access restriction ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault ISO_IEC_27002_2022 8.3 ISO_IEC_27002_2022_8.3 ISO IEC 27002 2022 8.3 Information access restriction ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub ISO_IEC_27002_2022 8.3 ISO_IEC_27002_2022_8.3 ISO IEC 27002 2022 8.3 Information access restriction ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center ISO_IEC_27002_2022 8.32 ISO_IEC_27002_2022_8.32 ISO IEC 27002 2022 8.32 Change management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center ISO_IEC_27002_2022 8.32 ISO_IEC_27002_2022_8.32 ISO IEC 27002 2022 8.32 Change management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center ISO_IEC_27002_2022 8.6 ISO_IEC_27002_2022_8.6 ISO IEC 27002 2022 8.6 Capacity management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center ISO_IEC_27002_2022 8.6 ISO_IEC_27002_2022_8.6 ISO IEC 27002 2022 8.6 Capacity management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27002_2022 8.6 ISO_IEC_27002_2022_8.6 ISO IEC 27002 2022 8.6 Capacity management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes ISO_IEC_27002_2022 8.7 ISO_IEC_27002_2022_8.7 ISO IEC 27002 2022 8.7 Protection against malware ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL ISO_IEC_27002_2022 8.8 ISO_IEC_27002_2022_8.8 ISO IEC 27002 2022 8.8 Management of technical vulnerabilities ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery ISO_IEC_27002_2022 8.9 ISO_IEC_27002_2022_8.9 ISO IEC 27002 2022 8.9 Configuration management ISO/IEC 27002 2022 (e3030e83-88d5-4f23-8734-6577a2c97a32)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute ISO_IEC_27017_2015 10.1.1 ISO_IEC_27017_2015_10.1.1 ISO IEC 27017 2015 10.1.1 Policy on the use of cryptographic controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage ISO_IEC_27017_2015 10.1.2 ISO_IEC_27017_2015_10.1.2 ISO IEC 27017 2015 10.1.2 Key Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center ISO_IEC_27017_2015 12.1.2 ISO_IEC_27017_2015_12.1.2 ISO IEC 27017 2015 12.1.2 Change Management ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance ISO_IEC_27017_2015 12.3.1 ISO_IEC_27017_2015_12.3.1 ISO IEC 27017 2015 12.3.1 Information Backup ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance ISO_IEC_27017_2015 12.3.1 ISO_IEC_27017_2015_12.3.1 ISO IEC 27017 2015 12.3.1 Information Backup ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute ISO_IEC_27017_2015 12.3.1 ISO_IEC_27017_2015_12.3.1 ISO IEC 27017 2015 12.3.1 Information Backup ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub ISO_IEC_27017_2015 12.4.1 ISO_IEC_27017_2015_12.4.1 ISO IEC 27017 2015 12.4.1 Event Logging ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning ISO_IEC_27017_2015 12.4.3 ISO_IEC_27017_2015_12.4.3 ISO IEC 27017 2015 12.4.3 Administrator and Operation Logs ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network ISO_IEC_27017_2015 13.1.3 ISO_IEC_27017_2015_13.1.3 ISO IEC 27017 2015 13.1.3 Segregation in Networks ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center ISO_IEC_27017_2015 16.1.1 ISO_IEC_27017_2015_16.1.1 ISO IEC 27017 2015 16.1.1 Responsibilities and Procedures ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27017_2015 16.1.2 ISO_IEC_27017_2015_16.1.2 ISO IEC 27017 2015 16.1.2 Reporting Information Security Events ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ISO_IEC_27017_2015 18.1.3 ISO_IEC_27017_2015_18.1.3 ISO IEC 27017 2015 18.1.3 Protection of Records ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer ISO_IEC_27017_2015 18.1.5 ISO_IEC_27017_2015_18.1.5 ISO IEC 27017 2015 18.1.5 Regulation of Cryptographic Controls ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration ISO_IEC_27017_2015 8.1.1 ISO_IEC_27017_2015_8.1.1 ISO IEC 27017 2015 8.1.1 Inventory of Assets ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network ISO_IEC_27017_2015 9.2.3 ISO_IEC_27017_2015_9.2.3 ISO IEC 27017 2015 9.2.3 Management of privileged access rights ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB ISO_IEC_27017_2015 9.2.4 ISO_IEC_27017_2015_9.2.4 ISO IEC 27017 2015 9.2.4 Management of secret authentication information of users ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service ISO_IEC_27017_2015 9.2.4 ISO_IEC_27017_2015_9.2.4 ISO IEC 27017 2015 9.2.4 Management of secret authentication information of users ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration ISO_IEC_27017_2015 9.2.4 ISO_IEC_27017_2015_9.2.4 ISO IEC 27017 2015 9.2.4 Management of secret authentication information of users ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration ISO_IEC_27017_2015 9.2.4 ISO_IEC_27017_2015_9.2.4 ISO IEC 27017 2015 9.2.4 Management of secret authentication information of users ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL ISO_IEC_27017_2015 9.2.4 ISO_IEC_27017_2015_9.2.4 ISO IEC 27017 2015 9.2.4 Management of secret authentication information of users ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service ISO_IEC_27017_2015 9.2.4 ISO_IEC_27017_2015_9.2.4 ISO IEC 27017 2015 9.2.4 Management of secret authentication information of users ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub ISO_IEC_27017_2015 9.4.1 ISO_IEC_27017_2015_9.4.1 ISO IEC 27017 2015 9.4.1 Information access restriction ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration ISO_IEC_27017_2015 Annex_A:_CLD.12.4.5 ISO_IEC_27017_2015_Annex_A:_CLD.12.4.5 404 not found ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring ISO_IEC_27017_2015 Annex_A:_CLD.6.3.1 ISO_IEC_27017_2015_Annex_A:_CLD.6.3.1 404 not found ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring ISO_IEC_27017_2015 Annex_A:_CLD.6.3.1 ISO_IEC_27017_2015_Annex_A:_CLD.6.3.1 404 not found ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration ISO_IEC_27017_2015 Annex_A:_CLD.6.3.1 ISO_IEC_27017_2015_Annex_A:_CLD.6.3.1 404 not found ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration ISO_IEC_27017_2015 Annex_A:_CLD.6.3.1 ISO_IEC_27017_2015_Annex_A:_CLD.6.3.1 404 not found ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring ISO_IEC_27017_2015 Annex_A:_CLD.6.3.1 ISO_IEC_27017_2015_Annex_A:_CLD.6.3.1 404 not found ISO/IEC 27017 2015 (f48ecfa6-581c-43f9-8141-cd4adc72cf26)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.11.1.5 ISO27001-2013_A.11.1.5 ISO 27001:2013 A.11.1.5 Working in secure areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.11.1.5 ISO27001-2013_A.11.1.5 ISO 27001:2013 A.11.1.5 Working in secure areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.11.1.5 ISO27001-2013_A.11.1.5 ISO 27001:2013 A.11.1.5 Working in secure areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.2.1 ISO27001-2013_A.11.2.1 ISO 27001:2013 A.11.2.1 Equipment sitting and protection ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Supporting utilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Supporting utilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Supporting utilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.11.2.8 ISO27001-2013_A.11.2.8 ISO 27001:2013 A.11.2.8 Unattended user equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance ISO27001-2013 A.11.2.8 ISO27001-2013_A.11.2.8 ISO 27001:2013 A.11.2.8 Unattended user equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.11.2.9 ISO27001-2013_A.11.2.9 ISO 27001:2013 A.11.2.9 Clear desk and clear screen policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.9 ISO27001-2013_A.11.2.9 ISO 27001:2013 A.11.2.9 Clear desk and clear screen policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.9 ISO27001-2013_A.11.2.9 ISO 27001:2013 A.11.2.9 Clear desk and clear screen policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance ISO27001-2013 A.12.1.3 ISO27001-2013_A.12.1.3 ISO 27001:2013 A.12.1.3 Capacity management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance ISO27001-2013 A.12.1.3 ISO27001-2013_A.12.1.3 ISO 27001:2013 A.12.1.3 Capacity management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Publish access procedures in SORNs Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance ISO27001-2013 A.12.7.1 ISO27001-2013_A.12.7.1 ISO 27001:2013 A.12.7.1 Information systems audit controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.17.1.3 ISO27001-2013_A.17.1.3 ISO 27001:2013 A.17.1.3 Verify, review and evaluate information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance ISO27001-2013 A.17.1.3 ISO27001-2013_A.17.1.3 ISO 27001:2013 A.17.1.3 Verify, review and evaluate information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance ISO27001-2013 A.17.1.3 ISO27001-2013_A.17.1.3 ISO 27001:2013 A.17.1.3 Verify, review and evaluate information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance ISO27001-2013 A.18.1.2 ISO27001-2013_A.18.1.2 ISO 27001:2013 A.18.1.2 Intellectual property rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance ISO27001-2013 A.18.1.2 ISO27001-2013_A.18.1.2 ISO 27001:2013 A.18.1.2 Intellectual property rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance ISO27001-2013 A.18.1.5 ISO27001-2013_A.18.1.5 ISO 27001:2013 A.18.1.5 Regulation of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.18.1.5 ISO27001-2013_A.18.1.5 ISO 27001:2013 A.18.1.5 Regulation of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.18.2.1 ISO27001-2013_A.18.2.1 ISO 27001:2013 A.18.2.1 Independent review of information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance ISO27001-2013 A.18.2.1 ISO27001-2013_A.18.2.1 ISO 27001:2013 A.18.2.1 Independent review of information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance ISO27001-2013 A.6.1.3 ISO27001-2013_A.6.1.3 ISO 27001:2013 A.6.1.3 Contact with authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.3 ISO27001-2013_A.6.1.3 ISO 27001:2013 A.6.1.3 Contact with authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance ISO27001-2013 A.7.1.1 ISO27001-2013_A.7.1.1 ISO 27001:2013 A.7.1.1 Screening ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance ISO27001-2013 A.7.1.1 ISO27001-2013_A.7.1.1 ISO 27001:2013 A.7.1.1 Screening ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance ISO27001-2013 A.7.1.1 ISO27001-2013_A.7.1.1 ISO 27001:2013 A.7.1.1 Screening ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance ISO27001-2013 A.7.2.3 ISO27001-2013_A.7.2.3 ISO 27001:2013 A.7.2.3 Disciplinary process ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance ISO27001-2013 A.7.2.3 ISO27001-2013_A.7.2.3 ISO 27001:2013 A.7.2.3 Disciplinary process ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance ISO27001-2013 A.8.1.1 ISO27001-2013_A.8.1.1 ISO 27001:2013 A.8.1.1 Inventory of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance ISO27001-2013 A.8.1.1 ISO27001-2013_A.8.1.1 ISO 27001:2013 A.8.1.1 Inventory of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.8.1.3 ISO27001-2013_A.8.1.3 ISO 27001:2013 A.8.1.3 Acceptable use of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.8.1.3 ISO27001-2013_A.8.1.3 ISO 27001:2013 A.8.1.3 Acceptable use of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.8.3.2 ISO27001-2013_A.8.3.2 ISO 27001:2013 A.8.3.2 Disposal of media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.3.2 ISO27001-2013_A.8.3.2 ISO 27001:2013 A.8.3.2 Disposal of media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.3.3 ISO27001-2013_A.8.3.3 ISO 27001:2013 A.8.3.3 Physical media transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.8.3.3 ISO27001-2013_A.8.3.3 ISO 27001:2013 A.8.3.3 Physical media transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.d ISO27001-2013_C.10.1.d ISO 27001:2013 C.10.1.d Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.e ISO27001-2013_C.10.1.e ISO 27001:2013 C.10.1.e Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.f ISO27001-2013_C.10.1.f ISO 27001:2013 C.10.1.f Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.10.1.f ISO27001-2013_C.10.1.f ISO 27001:2013 C.10.1.f Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.10.1.f ISO27001-2013_C.10.1.f ISO 27001:2013 C.10.1.f Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.10.1.g ISO27001-2013_C.10.1.g ISO 27001:2013 C.10.1.g Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.g ISO27001-2013_C.10.1.g ISO 27001:2013 C.10.1.g Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.10.1.g ISO27001-2013_C.10.1.g ISO 27001:2013 C.10.1.g Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.4.3.a ISO27001-2013_C.4.3.a ISO 27001:2013 C.4.3.a Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.4.3.a ISO27001-2013_C.4.3.a ISO 27001:2013 C.4.3.a Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.4.3.a ISO27001-2013_C.4.3.a ISO 27001:2013 C.4.3.a Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.4.3.b ISO27001-2013_C.4.3.b ISO 27001:2013 C.4.3.b Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.4.3.b ISO27001-2013_C.4.3.b ISO 27001:2013 C.4.3.b Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.4.3.b ISO27001-2013_C.4.3.b ISO 27001:2013 C.4.3.b Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.d ISO27001-2013_C.5.1.d ISO 27001:2013 C.5.1.d Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.h ISO27001-2013_C.5.1.h ISO 27001:2013 C.5.1.h Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.g ISO27001-2013_C.5.2.g ISO 27001:2013 C.5.2.g Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.3.b ISO27001-2013_C.5.3.b ISO 27001:2013 C.5.3.b Organizational roles, responsibilities and authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.5.3.b ISO27001-2013_C.5.3.b ISO 27001:2013 C.5.3.b Organizational roles, responsibilities and authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.a ISO27001-2013_C.6.1.1.a ISO 27001:2013 C.6.1.1.a General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.a ISO27001-2013_C.6.1.1.a ISO 27001:2013 C.6.1.1.a General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.a ISO27001-2013_C.6.1.1.a ISO 27001:2013 C.6.1.1.a General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.b ISO27001-2013_C.6.1.1.b ISO 27001:2013 C.6.1.1.b General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.b ISO27001-2013_C.6.1.1.b ISO 27001:2013 C.6.1.1.b General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.b ISO27001-2013_C.6.1.1.b ISO 27001:2013 C.6.1.1.b General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.c ISO27001-2013_C.6.1.1.c ISO 27001:2013 C.6.1.1.c General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.c ISO27001-2013_C.6.1.1.c ISO 27001:2013 C.6.1.1.c General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.c ISO27001-2013_C.6.1.1.c ISO 27001:2013 C.6.1.1.c General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.d ISO27001-2013_C.6.1.1.d ISO 27001:2013 C.6.1.1.d General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.d ISO27001-2013_C.6.1.1.d ISO 27001:2013 C.6.1.1.d General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.d ISO27001-2013_C.6.1.1.d ISO 27001:2013 C.6.1.1.d General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.1 ISO27001-2013_C.6.1.1.e.1 ISO 27001:2013 C.6.1.1.e.1 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.e.1 ISO27001-2013_C.6.1.1.e.1 ISO 27001:2013 C.6.1.1.e.1 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.1 ISO27001-2013_C.6.1.1.e.1 ISO 27001:2013 C.6.1.1.e.1 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.2 ISO27001-2013_C.6.1.1.e.2 ISO 27001:2013 C.6.1.1.e.2 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.2 ISO27001-2013_C.6.1.1.e.2 ISO 27001:2013 C.6.1.1.e.2 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.6.1.1.e.2 ISO27001-2013_C.6.1.1.e.2 ISO 27001:2013 C.6.1.1.e.2 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.1 ISO27001-2013_C.6.1.2.a.1 ISO 27001:2013 C.6.1.2.a.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.1 ISO27001-2013_C.6.1.2.a.1 ISO 27001:2013 C.6.1.2.a.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.2 ISO27001-2013_C.6.1.2.a.2 ISO 27001:2013 C.6.1.2.a.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.2 ISO27001-2013_C.6.1.2.a.2 ISO 27001:2013 C.6.1.2.a.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.b ISO27001-2013_C.6.1.2.b ISO 27001:2013 C.6.1.2.b Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.c.1 ISO27001-2013_C.6.1.2.c.1 ISO 27001:2013 C.6.1.2.c.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.c.1 ISO27001-2013_C.6.1.2.c.1 ISO 27001:2013 C.6.1.2.c.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.c.2 ISO27001-2013_C.6.1.2.c.2 ISO 27001:2013 C.6.1.2.c.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.c.2 ISO27001-2013_C.6.1.2.c.2 ISO 27001:2013 C.6.1.2.c.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.d.1 ISO27001-2013_C.6.1.2.d.1 ISO 27001:2013 C.6.1.2.d.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.d.1 ISO27001-2013_C.6.1.2.d.1 ISO 27001:2013 C.6.1.2.d.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.d.2 ISO27001-2013_C.6.1.2.d.2 ISO 27001:2013 C.6.1.2.d.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.d.2 ISO27001-2013_C.6.1.2.d.2 ISO 27001:2013 C.6.1.2.d.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.d.3 ISO27001-2013_C.6.1.2.d.3 ISO 27001:2013 C.6.1.2.d.3 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.d.3 ISO27001-2013_C.6.1.2.d.3 ISO 27001:2013 C.6.1.2.d.3 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.e.1 ISO27001-2013_C.6.1.2.e.1 ISO 27001:2013 C.6.1.2.e.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.e.1 ISO27001-2013_C.6.1.2.e.1 ISO 27001:2013 C.6.1.2.e.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.e.2 ISO27001-2013_C.6.1.2.e.2 ISO 27001:2013 C.6.1.2.e.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.e.2 ISO27001-2013_C.6.1.2.e.2 ISO 27001:2013 C.6.1.2.e.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.a ISO27001-2013_C.6.1.3.a ISO 27001:2013 C.6.1.3.a Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.b ISO27001-2013_C.6.1.3.b ISO 27001:2013 C.6.1.3.b Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.c ISO27001-2013_C.6.1.3.c ISO 27001:2013 C.6.1.3.c Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.6.1.3.d ISO27001-2013_C.6.1.3.d ISO 27001:2013 C.6.1.3.d Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.e ISO27001-2013_C.6.1.3.e ISO 27001:2013 C.6.1.3.e Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.f ISO27001-2013_C.6.1.3.f ISO 27001:2013 C.6.1.3.f Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.6.2.e ISO27001-2013_C.6.2.e ISO 27001:2013 C.6.2.e Information security objectives and planning to achieve them ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.6.2.e ISO27001-2013_C.6.2.e ISO 27001:2013 C.6.2.e Information security objectives and planning to achieve them ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.2.a ISO27001-2013_C.7.2.a ISO 27001:2013 C.7.2.a Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 C.7.2.a ISO27001-2013_C.7.2.a ISO 27001:2013 C.7.2.a Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 C.7.2.a ISO27001-2013_C.7.2.a ISO 27001:2013 C.7.2.a Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 C.7.2.b ISO27001-2013_C.7.2.b ISO 27001:2013 C.7.2.b Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 C.7.2.c ISO27001-2013_C.7.2.c ISO 27001:2013 C.7.2.c Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance ISO27001-2013 C.7.2.d ISO27001-2013_C.7.2.d ISO 27001:2013 C.7.2.d Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.3.a ISO27001-2013_C.7.3.a ISO 27001:2013 C.7.3.a Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 C.7.3.a ISO27001-2013_C.7.3.a ISO 27001:2013 C.7.3.a Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 C.7.3.a ISO27001-2013_C.7.3.a ISO 27001:2013 C.7.3.a Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 C.7.3.b ISO27001-2013_C.7.3.b ISO 27001:2013 C.7.3.b Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 C.7.3.b ISO27001-2013_C.7.3.b ISO 27001:2013 C.7.3.b Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.3.b ISO27001-2013_C.7.3.b ISO 27001:2013 C.7.3.b Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 C.7.3.c ISO27001-2013_C.7.3.c ISO 27001:2013 C.7.3.c Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 C.7.3.c ISO27001-2013_C.7.3.c ISO 27001:2013 C.7.3.c Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.3.c ISO27001-2013_C.7.3.c ISO 27001:2013 C.7.3.c Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.7.5.2.c ISO27001-2013_C.7.5.2.c ISO 27001:2013 C.7.5.2.c Creating and updating ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.7.5.3.a ISO27001-2013_C.7.5.3.a ISO 27001:2013 C.7.5.3.a Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.b ISO27001-2013_C.7.5.3.b ISO 27001:2013 C.7.5.3.b Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.b ISO27001-2013_C.7.5.3.b ISO 27001:2013 C.7.5.3.b Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.b ISO27001-2013_C.7.5.3.b ISO 27001:2013 C.7.5.3.b Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.7.5.3.c ISO27001-2013_C.7.5.3.c ISO 27001:2013 C.7.5.3.c Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.d ISO27001-2013_C.7.5.3.d ISO 27001:2013 C.7.5.3.d Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.d ISO27001-2013_C.7.5.3.d ISO 27001:2013 C.7.5.3.d Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.d ISO27001-2013_C.7.5.3.d ISO 27001:2013 C.7.5.3.d Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.e ISO27001-2013_C.7.5.3.e ISO 27001:2013 C.7.5.3.e Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.e ISO27001-2013_C.7.5.3.e ISO 27001:2013 C.7.5.3.e Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.e ISO27001-2013_C.7.5.3.e ISO 27001:2013 C.7.5.3.e Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance ISO27001-2013 C.8.2 ISO27001-2013_C.8.2 ISO 27001:2013 C.8.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.8.2 ISO27001-2013_C.8.2 ISO 27001:2013 C.8.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.8.2 ISO27001-2013_C.8.2 ISO 27001:2013 C.8.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.a.1 ISO27001-2013_C.9.2.a.1 ISO 27001:2013 C.9.2.a.1 Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.a.2 ISO27001-2013_C.9.2.a.2 ISO 27001:2013 C.9.2.a.2 Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.b ISO27001-2013_C.9.2.b ISO 27001:2013 C.9.2.b Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.2.c ISO27001-2013_C.9.2.c ISO 27001:2013 C.9.2.c Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.c ISO27001-2013_C.9.2.c ISO 27001:2013 C.9.2.c Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.d ISO27001-2013_C.9.2.d ISO 27001:2013 C.9.2.d Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 C.9.2.f ISO27001-2013_C.9.2.f ISO 27001:2013 C.9.2.f Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 C.9.2.g ISO27001-2013_C.9.2.g ISO 27001:2013 C.9.2.g Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 C.9.2.g ISO27001-2013_C.9.2.g ISO 27001:2013 C.9.2.g Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance ISO27001-2013 C.9.2.g ISO27001-2013_C.9.2.g ISO 27001:2013 C.9.2.g Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.d ISO27001-2013_C.9.3.d ISO 27001:2013 C.9.3.d Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.d ISO27001-2013_C.9.3.d ISO 27001:2013 C.9.3.d Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.d ISO27001-2013_C.9.3.d ISO 27001:2013 C.9.3.d Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.e ISO27001-2013_C.9.3.e ISO 27001:2013 C.9.3.e Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.e ISO27001-2013_C.9.3.e ISO 27001:2013 C.9.3.e Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.e ISO27001-2013_C.9.3.e ISO 27001:2013 C.9.3.e Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.f ISO27001-2013_C.9.3.f ISO 27001:2013 C.9.3.f Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.f ISO27001-2013_C.9.3.f ISO 27001:2013 C.9.3.f Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.f ISO27001-2013_C.9.3.f ISO 27001:2013 C.9.3.f Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics LGPD_2018_Art. 16 LGPD_2018_Art._16 Brazilian General Data Protection Law (LGPD) 2018 Art. 16 Art. 16. Personal data shall be deleted following the termination of their processing Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center LGPD_2018_Art. 48 LGPD_2018_Art._48 Brazilian General Data Protection Law (LGPD) 2018 Art. 48 Article 48: Personal Data Security Incidents Brazilian General Data Protection Law (LGPD) 2018 (770977b7-fceb-4c16-9d09-b7484fb8eef2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e7e928c-8693-4a23-9bf3-1c77b9a8fe97 Azure Attestation providers should disable public network access Attestation mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2982f36-99f2-4db5-8eff-283140c09693 Storage accounts should disable public network access Storage mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21a9766a-82a5-4747-abb5-650b6dbba6d0 Azure SignalR Service should disable public network access SignalR mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4598f028-de1f-4694-8751-84dceb5f86b9 Azure Web Application Firewall on Azure Front Door should have request body inspection enabled Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43bc7be6-5e69-4b0d-a2bb-e815557ca673 Public network access on Azure Data Explorer should be disabled Azure Data Explorer mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c14b034-bcb6-4905-94e7-5b8e98a47b65 PostgreSQL server should use a virtual network service endpoint SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ac673a9a-f77d-4846-b2d8-a57f8e1c01dc Configure key vaults to enable firewall Key Vault mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3375856c-3824-4e0e-ae6a-79e011dd4c47 MySQL server should use a virtual network service endpoint SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a06d0189-92e8-4dba-b0c4-08d7669fce7d Configure storage accounts to disable public network access Storage mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e52e8487-4a97-48ac-b3e6-1c3cef45d298 Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dfbd9a64-6114-48de-a47d-90574dc2e489 MariaDB server should use a virtual network service endpoint SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
882e19a6-996f-400e-a30f-c090887254f4 Migrate WAF from WAF Config to WAF Policy on Application Gateway Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd870362-211d-4cad-9ad9-11e5ea4ebbc1 Public network access should be disabled for IoT Central Internet of Things mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca85ef9a-741d-461d-8b7a-18c2da82c666 Azure Web Application Firewall on Azure Application Gateway should have request body inspection enabled Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62a3ae95-8169-403e-a2d2-b82141448092 Modify Azure SignalR Service resources to disable public network access SignalR mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83644c87-93dd-49fe-bf9f-6aff8fd0834e Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
958dbd4e-0e20-4385-a082-d3f20c2a6ad8 [Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
615b01c4-d565-4f6f-8c6e-d130268e3a1a [Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd906338-3453-47ba-9334-2d654bf845af Azure Front Door Standard or Premium (Plus WAF) should have resource logs enabled Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa98f1b1-1f56-4179-9faf-93ad82f3458f Function app slots should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e52e8487-4a97-48ac-b3e6-1c3cef45d298 Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b9c0b58-fc7b-42c8-8010-cdfa1d1b8544 Configure Azure Web PubSub Service with private endpoints Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0da6faeb-d6c6-4f6e-9f49-06277493270b Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Log Analytics Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0b026355-49cb-467b-8ac4-f777874e175a Configure Azure Web PubSub Service to use private DNS zones Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d19ae5f1-b303-4b82-9ca8-7682749faf0c Configure a private DNS Zone ID for web_secondary groupID Storage mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca85ef9a-741d-461d-8b7a-18c2da82c666 Azure Web Application Firewall on Azure Application Gateway should have request body inspection enabled Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4598f028-de1f-4694-8751-84dceb5f86b9 Azure Web Application Firewall on Azure Front Door should have request body inspection enabled Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3e4fa5d-c0c4-46c4-9a13-bb9b9f0b003f Microsoft Managed Control 1865 - System of Records Notices And Privacy Act Statements | Public Website Publication Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66632c7c-d0b3-4945-a8ae-e5c62cbea386 Microsoft Managed Control 1829 - Data Integrity And Data Integrity Board | Publish Agreements on Website Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee8a7be2-e9b5-47b9-9d37-d9b141ea78a4 Azure Web PubSub Service should enable diagnostic logs Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf6af3d2-fbd5-458f-8a40-2556cf539b45 Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Storage Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Configure Azure Defender for App Service to be enabled Security Center mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf45113f-264e-4a87-88f9-29ac8a0aca6a Azure Web PubSub Service should disable public network access Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f9d984-90c8-43dd-b7a6-76cb694815c1 Configure Azure Web PubSub Service to disable local authentication Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72d04c29-f87d-4575-9731-419ff16a2757 App Service apps should be injected into a virtual network App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d034ef2-001c-46f6-a47b-e6e4a74ff89b Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Event Hub Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
24b7a1c6-44fe-40cc-a2e6-242d2ef70e98 App Service app slots should be injected into a virtual network App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b66ab71c-582d-4330-adfd-ac162e78691e Azure Web PubSub Service should have local authentication methods disabled Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4dcfb8b5-05cd-4090-a931-2ec29057e1fc App Service app slots should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82909236-25f3-46a6-841c-fe1020f95ae1 Azure Web PubSub Service should use a SKU that supports private link Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a04f872-51e9-4313-97fb-fc1c3543011c Azure Application Gateway should have Resource logs enabled Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b1213e4-06e4-4ccc-81de-4201f2f7131a Configure Azure Web PubSub Service to disable public network access Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a04f872-51e9-4313-97fb-fc1c35430fd8 Azure Front Door should have Resource logs enabled Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9adab2a5-05ba-4fbd-831a-5bf958d04218 Configure a private DNS Zone ID for web groupID Storage mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
752154a7-1e0f-45c6-a880-ac75a7e4f648 Public IP addresses should have resource logs enabled for Azure DDoS Protection Monitoring mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d Virtual networks should be protected by Azure DDoS Protection Network mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e52e8487-4a97-48ac-b3e6-1c3cef45d298 Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF Network mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL New_Zealand_ISM 06.2.5.C.01 New_Zealand_ISM_06.2.5.C.01 New_Zealand_ISM_06.2.5.C.01 06.2.5.C.01 Conducting vulnerability assessments New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center New_Zealand_ISM 06.2.5.C.01 New_Zealand_ISM_06.2.5.C.01 New_Zealand_ISM_06.2.5.C.01 06.2.5.C.01 Conducting vulnerability assessments New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL New_Zealand_ISM 06.2.5.C.01 New_Zealand_ISM_06.2.5.C.01 New_Zealand_ISM_06.2.5.C.01 06.2.5.C.01 Conducting vulnerability assessments New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center New_Zealand_ISM 06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 06.2.6.C.01 Resolving vulnerabilities New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center New_Zealand_ISM 06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 06.2.6.C.01 Resolving vulnerabilities New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center New_Zealand_ISM 06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 06.2.6.C.01 Resolving vulnerabilities New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center New_Zealand_ISM 06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 06.2.6.C.01 Resolving vulnerabilities New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center New_Zealand_ISM 06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 06.2.6.C.01 Resolving vulnerabilities New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c9ddb292-b203-4738-aead-18e2716e858f Configure Microsoft Defender for Containers to be enabled Security Center New_Zealand_ISM 06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 New_Zealand_ISM_06.2.6.C.01 06.2.6.C.01 Resolving vulnerabilities New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute New_Zealand_ISM 06.4.5.C.01 New_Zealand_ISM_06.4.5.C.01 New_Zealand_ISM_06.4.5.C.01 06.4.5.C.01 Availability requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07.1.7.C.02 Preventing and detecting information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center New_Zealand_ISM 07.2.22.C.01 New_Zealand_ISM_07.2.22.C.01 New_Zealand_ISM_07.2.22.C.01 07.2.22.C.01 Outsourcing and information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center New_Zealand_ISM 07.2.22.C.01 New_Zealand_ISM_07.2.22.C.01 New_Zealand_ISM_07.2.22.C.01 07.2.22.C.01 Outsourcing and information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center New_Zealand_ISM 07.2.22.C.01 New_Zealand_ISM_07.2.22.C.01 New_Zealand_ISM_07.2.22.C.01 07.2.22.C.01 Outsourcing and information security incidents New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure Databricks New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure Databricks New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure Databricks New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure Databricks New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform New_Zealand_ISM 10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 New_Zealand_ISM_10.8.35.C.01 10.8.35.C.01 Security Architecture New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning New_Zealand_ISM 12.4.4.C.02 New_Zealand_ISM_12.4.4.C.02 New_Zealand_ISM_12.4.4.C.02 12.4.4.C.02 Patching vulnerabilities in products New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager New_Zealand_ISM 12.4.4.C.02 New_Zealand_ISM_12.4.4.C.02 New_Zealand_ISM_12.4.4.C.02 12.4.4.C.02 Patching vulnerabilities in products New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center New_Zealand_ISM 14.1.8.C.01 New_Zealand_ISM_14.1.8.C.01 New_Zealand_ISM_14.1.8.C.01 14.1.8.C.01 Developing hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service New_Zealand_ISM 14.1.8.C.01 New_Zealand_ISM_14.1.8.C.01 New_Zealand_ISM_14.1.8.C.01 14.1.8.C.01 Developing hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service New_Zealand_ISM 14.1.8.C.01 New_Zealand_ISM_14.1.8.C.01 New_Zealand_ISM_14.1.8.C.01 14.1.8.C.01 Developing hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14.1.9.C.01 Maintaining hardened SOEs New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5b0bd968-5cb5-4513-8987-27786c6f0df8 App Service app slots should have Client Certificates (Incoming client certificates) enabled App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14.5.8.C.01 Web applications New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6ea81a52-5ca7-4575-9669-eaa910b7edf8 Synapse Workspaces should have Microsoft Entra-only authentication enabled Synapse New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0c28c3fb-c244-42d5-a9bf-f35f2999577b Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b3a22bc9-66de-45fb-98fa-00f5df42f41a Azure SQL Database should have Microsoft Entra-only authentication enabled SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c15dcc82-b93c-4dcb-9332-fbf121685b54 API Management calls to API backends should be authenticated API Management New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL New_Zealand_ISM 16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01 16.1.32.C.01 System user identification New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center New_Zealand_ISM 16.3.5.C.02 New_Zealand_ISM_16.3.5.C.02 New_Zealand_ISM_16.3.5.C.02 16.3.5.C.02 Use of privileged accounts New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center New_Zealand_ISM 16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 16.4.30.C.01 Policy Creation and Implementation New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center New_Zealand_ISM 16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 16.4.30.C.01 Policy Creation and Implementation New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center New_Zealand_ISM 16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 16.4.30.C.01 Policy Creation and Implementation New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center New_Zealand_ISM 16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 16.4.30.C.01 Policy Creation and Implementation New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center New_Zealand_ISM 16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 16.4.30.C.01 Policy Creation and Implementation New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center New_Zealand_ISM 16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 New_Zealand_ISM_16.4.30.C.01 16.4.30.C.01 Policy Creation and Implementation New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL New_Zealand_ISM 16.4.32.C.01 New_Zealand_ISM_16.4.32.C.01 New_Zealand_ISM_16.4.32.C.01 16.4.32.C.01 Strong Authentication process New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 API Management APIs should use only encrypted protocols API Management New_Zealand_ISM 17.1.55.C.03 New_Zealand_ISM_17.1.55.C.03 New_Zealand_ISM_17.1.55.C.03 17.1.55.C.03 Information and Systems Protection New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault New_Zealand_ISM 17.1.58.C.01 New_Zealand_ISM_17.1.58.C.01 New_Zealand_ISM_17.1.58.C.01 17.1.58.C.01 Key Refresh and Retirement New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault New_Zealand_ISM 17.1.58.C.01 New_Zealand_ISM_17.1.58.C.01 New_Zealand_ISM_17.1.58.C.01 17.1.58.C.01 Key Refresh and Retirement New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage New_Zealand_ISM 17.1.58.C.01 New_Zealand_ISM_17.1.58.C.01 New_Zealand_ISM_17.1.58.C.01 17.1.58.C.01 Key Refresh and Retirement New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault New_Zealand_ISM 17.2.19.C.01 New_Zealand_ISM_17.2.19.C.01 New_Zealand_ISM_17.2.19.C.01 17.2.19.C.01 Using DH New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault New_Zealand_ISM 17.2.22.C.01 New_Zealand_ISM_17.2.22.C.01 New_Zealand_ISM_17.2.22.C.01 17.2.22.C.01 Using ECDH New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault New_Zealand_ISM 17.2.24.C.01 New_Zealand_ISM_17.2.24.C.01 New_Zealand_ISM_17.2.24.C.01 17.2.24.C.01 Using RSA New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service New_Zealand_ISM 17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 17.4.16.C.01 Using TLS New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL New_Zealand_ISM 17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 17.4.16.C.01 Using TLS New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage New_Zealand_ISM 17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 17.4.16.C.01 Using TLS New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration New_Zealand_ISM 17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 17.4.16.C.01 Using TLS New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service New_Zealand_ISM 17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 17.4.16.C.01 Using TLS New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center New_Zealand_ISM 17.5.6.C.01 New_Zealand_ISM_17.5.6.C.01 New_Zealand_ISM_17.5.6.C.01 17.5.6.C.01 Using SSH New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration New_Zealand_ISM 17.5.7.C.01 New_Zealand_ISM_17.5.7.C.01 New_Zealand_ISM_17.5.7.C.01 17.5.7.C.01 Authentication mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault New_Zealand_ISM 17.9.35.C.01 New_Zealand_ISM_17.9.35.C.01 New_Zealand_ISM_17.9.35.C.01 17.9.35.C.01 Cryptographic system administrator access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management New_Zealand_ISM 17.9.36.C.02 New_Zealand_ISM_17.9.36.C.02 New_Zealand_ISM_17.9.36.C.02 17.9.36.C.02 Area security and access control New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL New_Zealand_ISM 18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 New_Zealand_ISM_18.1.13.C.02 18.1.13.C.02 Limiting network access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL New_Zealand_ISM 18.4.7.C.02 New_Zealand_ISM_18.4.7.C.02 New_Zealand_ISM_18.4.7.C.02 18.4.7.C.02 Intrusion Detection and Prevention strategy (IDS/IPS) New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center New_Zealand_ISM 18.4.7.C.02 New_Zealand_ISM_18.4.7.C.02 New_Zealand_ISM_18.4.7.C.02 18.4.7.C.02 Intrusion Detection and Prevention strategy (IDS/IPS) New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network New_Zealand_ISM 18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 18.4.8.C.01 IDS/IPSs on gateways New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network New_Zealand_ISM 18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 18.4.8.C.01 IDS/IPSs on gateways New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus New_Zealand_ISM 18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 18.4.8.C.01 IDS/IPSs on gateways New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network New_Zealand_ISM 18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 18.4.8.C.01 IDS/IPSs on gateways New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network New_Zealand_ISM 18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 New_Zealand_ISM_18.4.8.C.01 18.4.8.C.01 IDS/IPSs on gateways New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c8acafaf-3d23-44d1-9624-978ef0f8652c API endpoints that are unused should be disabled and removed from the Azure API Management service Security Center New_Zealand_ISM 22.1.24.C.03 New_Zealand_ISM_22.1.24.C.03 New_Zealand_ISM_22.1.24.C.03 22.1.24.C.03 Unauthorised Access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute New_Zealand_ISM 22.1.24.C.04 New_Zealand_ISM_22.1.24.C.04 New_Zealand_ISM_22.1.24.C.04 22.1.24.C.04 Unauthorised Access New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
92bb331d-ac71-416a-8c91-02f2cb734ce4 API Management calls to API backends should not bypass certificate thumbprint or name validation API Management New_Zealand_ISM 23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 23.4.10.C.01 Data accessibility New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled API Management New_Zealand_ISM 23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 23.4.10.C.01 Data accessibility New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs API Management New_Zealand_ISM 23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 23.4.10.C.01 Data accessibility New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management New_Zealand_ISM 23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 New_Zealand_ISM_23.4.10.C.01 23.4.10.C.01 Data accessibility New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23.4.9.C.01 Data protection mechanisms New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23.5.11.C.01 Logging requirements New Zealand ISM (4f5b1359-4f8e-4d7c-9733-ea47fcde891e)
f82e3639-fa2b-4e06-a786-932d8379b972 Microsoft Managed Control 1705 - Security Alerts & Advisories Regulatory Compliance NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
68434bd1-e14b-4031-9edb-a4adf5f84a67 Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers Regulatory Compliance NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d922484a-8cfc-4a6b-95a4-77d6a685407f Microsoft Managed Control 1577 - Acquisitions Process | Continuous Monitoring Plan Regulatory Compliance NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
804faf7d-b687-40f7-9f74-79e28adf4205 Microsoft Managed Control 1703 - Security Alerts & Advisories Regulatory Compliance NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b73b7b3b-677c-4a2a-b949-ad4dc4acd89f Microsoft Managed Control 1608 - Supply Chain Protection Regulatory Compliance NIS2 AM._Asset_Management_4 NIS2_AM._Asset_Management_4 NIS2_AM._Asset_Management_4 Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4bb303db-d051-4099-95d2-e3e1428a4d00 [Preview]: ChangeTracking extension should be installed on your Windows virtual machine scale sets Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
221aac80-54d8-484b-83d7-24f4feac2ce0 [Preview]: ChangeTracking extension should be installed on your Windows virtual machine Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2ef3cc79-733e-48ed-ab6f-7bf439e9b406 Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f171df5c-921b-41e9-b12b-50801c315475 Microsoft Managed Control 1028 - Information Flow Enforcement Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4e26f8c3-4bf3-4191-b8fc-d888805101b7 Microsoft Managed Control 1001 - Access Control Policy And Procedures Requirements Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69 Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
05a289ce-6a20-4b75-a0f3-dc8601b6acd0 Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
791cfc15-6974-42a0-9f4c-2d4b82f4a78c Microsoft Managed Control 1647 - Use of Cryptography Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c Microsoft Managed Control 1027 - Access Enforcement Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6b93a801-fe25-4574-a60d-cb22acffae00 Microsoft Managed Control 1031 - Separation Of Duties Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
48540f01-fc11-411a-b160-42807c68896e Microsoft Managed Control 1033 - Separation Of Duties Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5c5e54f6-0127-44d0-8b61-f31dc8dd6190 Microsoft Managed Control 1067 - Wireless Access Restrictions Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
27a69937-af92-4198-9b86-08d355c7e59a Microsoft Managed Control 1074 - Access Control for Portable And Mobile Systems Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
40a2a83b-74f2-4c02-ae65-f460a5d2792a Microsoft Managed Control 1202 - Access Restrictions For Change Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a7f5e735-d212-4c32-9229-d12bffbc7e00 [Preview]: ChangeTracking extension should be installed on your Windows Arc machine Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e71c1e29-9c76-4532-8c4b-cb0573b0014c [Preview]: ChangeTracking extension should be installed on your Linux virtual machine scale sets Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8893442c-e7cb-4637-bab8-299a5d4ed96a [Preview]: ChangeTracking extension should be installed on your Linux virtual machine Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
03752212-103c-4ab8-a306-7e813022ca9d Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
c722e569-cb52-45f3-a643-836547d016e1 Microsoft Managed Control 1619 - Information In Shared Resources Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
74520428-3aa8-449c-938d-93f51940759e Microsoft Managed Control 1739 - Information System Inventory Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
28cfa30b-7f72-47ce-ba3b-eed26c8d2c82 Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals Regulatory Compliance NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs API Management NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
fc47609f-4d9b-4aed-806b-446816cc63a3 [Preview]: ChangeTracking extension should be installed on your Linux Arc machine Security Center NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 Human resources security, access control policies and asset management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592 Microsoft Managed Control 1162 - Continuous Monitoring Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
45692294-f074-42bd-ac54-16f1a3c07554 Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4116891d-72f7-46ee-911c-8056cc8dcbd5 Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f171df5c-921b-41e9-b12b-50801c315475 Microsoft Managed Control 1028 - Information Flow Enforcement Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
16bfdb59-db38-47a5-88a9-2e9371a638cf Microsoft Managed Control 1684 - Information System Monitoring Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8c79fee4-88dd-44ce-bbd4-4de88948c4f8 Microsoft Managed Control 1683 - Information System Monitoring Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
426c4ac9-ff17-49d0-acd7-a13c157081c0 Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d461dd50-c8fb-4ccb-93bf-61f53b44e54d Microsoft Managed Control 1742 - Critical Infrastructure Plan Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
7a87fc7f-301e-49f3-ba2a-4d74f424fa97 Microsoft Managed Control 1687 - Information System Monitoring Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e2f8f6c6-dde4-436b-a79d-bc50e129eb3a Microsoft Managed Control 1161 - Continuous Monitoring Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 Business continuity and crisis management [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
ef080e67-0d1a-4f76-a0c5-fb9b0358485e Microsoft Managed Control 1089 - Security Awareness Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2fb740e5-cbc7-4d10-8686-d1bf826652b1 Microsoft Managed Control 1090 - Security Awareness Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8a29d47b-8604-4667-84ef-90d203fcb305 Microsoft Managed Control 1092 - Security Awareness | Insider Threat Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
7a0bdeeb-15f4-47e8-a1da-9f769f845fdf Microsoft Managed Control 1093 - Role-Based Security Training Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
420c1477-aa43-49d0-bd7e-c4abdd9addff Microsoft Managed Control 1096 - Role-Based Security Training | Practical Exercises Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
cf3e4836-f19e-47eb-a8cd-c3ca150452c0 Microsoft Managed Control 1097 - Role-Based Security Training | Suspicious Communications And Anomalous System Behavior Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
84363adb-dde3-411a-9fc1-36b56737f822 Microsoft Managed Control 1098 - Security Training Records Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b23bd715-5d1c-4e5c-9759-9cbdf79ded9d Microsoft Managed Control 1091 - Security Awareness Regulatory Compliance NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Basic cybersecurity hygiene and training [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
74ae9b8e-e7bb-4c9c-992f-c535282f7a2c Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4708723f-e099-4af1-bbf9-b6df7642e444 Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e Microsoft Managed Control 1635 - Boundary Protection | Host-Based Protection Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d3531453-b869-4606-9122-29c1cd6e7ed1 Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69 Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2234feec-08c6-4fc9-af78-df0dcc482efd Microsoft Managed Control 1860 - Privacy Notice Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f35e02aa-0a55-49f8-8811-8abfa7e6f2c0 Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f171df5c-921b-41e9-b12b-50801c315475 Microsoft Managed Control 1028 - Information Flow Enforcement Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
91c97b44-791e-46e9-bad7-ab7c4949edbb Microsoft Managed Control 1069 - Wireless Access Restrictions | Authentication And Encryption Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
05a289ce-6a20-4b75-a0f3-dc8601b6acd0 Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2006457a-48b3-4f7b-8d2e-1532287f9929 Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
ecf56554-164d-499a-8d00-206b07c27bed Microsoft Managed Control 1622 - Boundary Protection Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d39d4f68-7346-4133-8841-15318a714a24 Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a2cdf6b8-9505-4619-b579-309ba72037ac Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
afbd0baf-ff1a-4447-a86f-088a97347c0c Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6d8d492c-dd7a-46f7-a723-fa66a425b87c Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
791cfc15-6974-42a0-9f4c-2d4b82f4a78c Microsoft Managed Control 1647 - Use of Cryptography Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
201d3740-bd16-4baf-b4b8-7cda352228b7 Microsoft Managed Control 1650 - Public Key Infrastructure Certificates Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
90f01329-a100-43c2-af31-098996135d2b Microsoft Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source) Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
506814fa-b930-4b10-894e-a45b98c40e1a Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
60171210-6dde-40af-a144-bf2670518bfa Microsoft Managed Control 1663 - Protection Of Information At Rest Regulatory Compliance NIS2 DP._Data_Protection_8 NIS2_DP._Data_Protection_8 NIS2_DP._Data_Protection_8 Policies and procedures regarding the use of cryptography and, where appropriate, encryption [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e4df5fb7-58e9-41de-9399-f043c7a931f8 Microsoft Managed Control 1740 - Information Security Measures Of Performance Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4152937a-1a44-401a-a179-04b44ea15f4c Microsoft Managed Control 1733 - Senior Information Security Officer Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f5a44e7d-77a2-474e-b2e3-4e8c42ba514b Microsoft Managed Control 1729 - Information Security Program Plan Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9e61da80-0957-4892-b70c-609d5eaafb6b Microsoft Managed Control 1490 - Security Planning Policy And Procedures Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
01524fa8-4555-48ce-ba5f-c3b8dcef5147 Microsoft Managed Control 1142 - Certification, Authorization, Security Assessment Policy And Procedures Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6 Microsoft Managed Control 1807 - Governance And Privacy Program Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f35e02aa-0a55-49f8-8811-8abfa7e6f2c0 Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
beff0acf-7e67-40b2-b1ca-1a0e8205cf1b Microsoft Managed Control 1152 - System Interconnections Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
eab340d0-3d55-4826-a0e5-feebfeb0131d Microsoft Managed Control 1542 - Risk Assessment Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b19454ca-0d70-42c0-acf5-ea1c1e5726d1 Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures Regulatory Compliance NIS2 ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 NIS2_ES._Endpoint_Security_6 Policies and procedures to assess the efficacy of cybersecurity risk management measures [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a29b5d9f-4953-4afe-b560-203a6410b6b4 Microsoft Managed Control 1059 - Remote Access Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
283a4e29-69d5-4c94-b99e-29acf003c899 Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
c30690a5-7bf3-467f-b0cd-ef5c7c7449cd Microsoft Managed Control 1176 - Baseline Configuration Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1dc784b5-4895-4d27-9d40-a06b032bd1ee Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
99deec7d-5526-472e-b07c-3645a792026a Microsoft Managed Control 1300 - User Identification And Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08 Microsoft Managed Control 1301 - User Identification And Authentication | Network Access To Privileged Accounts Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
09828c65-e323-422b-9774-9d5c646124da Microsoft Managed Control 1302 - User Identification And Authentication | Network Access To Non-Privileged Accounts Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
80ca0a27-918a-4604-af9e-723a27ee51e8 Microsoft Managed Control 1303 - User Identification And Authentication | Local Access To Privileged Accounts Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b Microsoft Managed Control 1304 - User Identification And Authentication | Local Access To Non-Privileged Accounts Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9d9166a8-1722-4b8f-847c-2cf3f2618b3d Microsoft Managed Control 1305 - User Identification And Authentication | Group Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff Microsoft Managed Control 1306 - User Identification And Authentication | Network Access To Privileged Accounts - Replay... Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
84e622c8-4bed-417c-84c6-b2fb0dd73682 Microsoft Managed Control 1307 - User Identification And Authentication | Network Access To Non-Privileged Accounts - Replay... Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
81817e1c-5347-48dd-965a-40159d008229 Microsoft Managed Control 1308 - User Identification And Authentication | Remote Access - Separate Device Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f355d62b-39a8-4ba3-abf7-90f71cb3b000 Microsoft Managed Control 1309 - User Identification And Authentication | Acceptance Of Piv Credentials Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
450d7ede-823d-4931-a99d-57f6a38807dc Microsoft Managed Control 1310 - Device Identification And Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8877f519-c166-47b7-81b7-8a8eb4ff3775 Microsoft Managed Control 1317 - Authenticator Management Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
fced5fda-3bdb-4d73-bfea-0e2c80428b66 Microsoft Managed Control 1318 - Authenticator Management Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
66f7ae57-5560-4fc5-85c9-659f204e7a42 Microsoft Managed Control 1319 - Authenticator Management Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
03188d8f-1ae5-4fe1-974d-2d7d32ef937d Microsoft Managed Control 1327 - Authenticator Management | Password-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f5c66fdc-3d02-4034-9db5-ba57802609de Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
498f6234-3e20-4b6a-a880-cbd646d973bd Microsoft Managed Control 1329 - Authenticator Management | Password-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f75cedb2-5def-4b31-973e-b69e8c7bd031 Microsoft Managed Control 1330 - Authenticator Management | Password-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
068260be-a5e6-4b0a-a430-cd27071c226a Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
382016f3-d4ba-4e15-9716-55077ec4dc2a Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
463e5220-3f79-4e24-a63f-343e4096cd22 Microsoft Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
367ae386-db7f-4167-b672-984ff86277c0 Microsoft Managed Control 1339 - Authenticator Management | Protection Of Authenticators Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
34cb7e92-fe4c-4826-b51e-8cd203fa5d35 Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f86aa129-7c07-4aa4-bbf5-792d93ffd9ea Microsoft Managed Control 1345 - Cryptographic Module Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
78255758-6d45-4bf0-a005-7016bc03b13c Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication Regulatory Compliance NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 The use of multi-factor authentication [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
00379355-8932-4b52-b63a-3bc6daf3451a Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
47bc7ea0-7d13-4f7c-a154-b903f7194253 Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
fd4a2ac8-868a-4702-a345-6c896c3361ce Microsoft Managed Control 1707 - Security Alerts & Advisories | Automated Alerts And Advisories Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
493a95f3-f2e3-47d0-af02-65e6d6decc2f Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b083a535-a66a-41ec-ba7f-f9498bf67cde Microsoft Managed Control 1711 - Security Functionality Verification Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2d5600ed-575a-4723-9ff4-52d694be0a59 Microsoft Managed Control 1856 - Privacy Incident Response Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
fb845c34-808d-4c17-a0ce-85a530e9164b Microsoft Managed Control 1857 - Privacy Incident Response Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
924e1b2d-c502-478f-bfdb-a7e09a0d5c01 Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
18cc35ed-a429-486d-8d59-cb47e87304ed Microsoft Managed Control 1369 - Incident Monitoring Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
465f32da-0ace-4603-8d1b-7be5a3a702de Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
435b2547-6374-4f87-b42d-6e8dbe6ae62a Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
06c45c30-ae44-4f0f-82be-41331da911cc Microsoft Managed Control 1366 - Incident Handling | Information Correlation Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4116891d-72f7-46ee-911c-8056cc8dcbd5 Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4c615c2a-dc83-4dda-8220-abce7b50c9bc Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
ea3e8156-89a1-45b1-8bd6-938abc79fdfd Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5d169442-d6ef-439b-8dca-46c2c3248214 Microsoft Managed Control 1362 - Incident Handling Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e5368258-9684-4567-8126-269f34e65eab Microsoft Managed Control 1381 - Incident Response Plan Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
97fceb70-6983-42d0-9331-18ad8253184d Microsoft Managed Control 1378 - Incident Response Plan Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
25b96717-c912-4c00-9143-4e487f411726 Microsoft Managed Control 1372 - Incident Reporting Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
cc5c8616-52ef-4e5e-8000-491634ed9249 Microsoft Managed Control 1374 - Incident Response Assistance Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4cca950f-c3b7-492a-8e8f-ea39663c14f9 Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
21de687c-f15e-4e51-bf8d-f35c8619965b Microsoft Managed Control 1111 - Response To Audit Processing Failures Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
bcfb6683-05e5-4ce6-9723-c3fbe9896bdd Microsoft Managed Control 1351 - Incident Response Policy And Procedures Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9447f354-2c85-4700-93b3-ecdc6cb6a417 Microsoft Managed Control 1371 - Incident Reporting Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
c785ad59-f78f-44ad-9a7f-d1202318c748 Microsoft Managed Control 1353 - Incident Response Training Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
effbaeef-5bf4-400d-895e-ef8cbc0e64c7 Microsoft Managed Control 1358 - Incident Response Testing Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
be5b05e7-0b82-4ebc-9eda-25e447b1a41e Microsoft Managed Control 1360 - Incident Handling Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
03ed3be1-7276-4452-9a5d-e4168565ac67 Microsoft Managed Control 1361 - Incident Handling Regulatory Compliance NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 Incident handling [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6e40d9de-2ad4-4cb5-8945-23143326a502 Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d74fdc92-1cb8-4a34-9978-8556425cd14c Microsoft Managed Control 1529 - Third-Party Personnel Security Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
7ad5f307-e045-46f7-8214-5bdb7e973737 Microsoft Managed Control 1492 - System Security Plan Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1571dd40-dafc-4ef4-8f55-16eba27efc7b Microsoft Managed Control 1491 - Security Planning Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9e61da80-0957-4892-b70c-609d5eaafb6b Microsoft Managed Control 1490 - Security Planning Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2ef3cc79-733e-48ed-ab6f-7bf439e9b406 Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b19454ca-0d70-42c0-acf5-ea1c1e5726d1 Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
c1fa9c2f-d439-4ab9-8b83-81fb1934f81d Microsoft Managed Control 1503 - Information Security Architecture Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
3f4b171a-a56b-4328-8112-32cf7f947ee1 Microsoft Managed Control 1545 - Risk Assessment Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure Databricks NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
70f6af82-7be6-44aa-9b15-8b9231b2e434 Microsoft Managed Control 1541 - Risk Assessment Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
43ced7c9-cd53-456b-b0da-2522649a4271 Microsoft Managed Control 1544 - Risk Assessment Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
45692294-f074-42bd-ac54-16f1a3c07554 Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e29e0915-5c2f-4d09-8806-048b749ad763 Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
854db8ac-6adf-42a0-bef3-b73f764f40b9 Microsoft Managed Control 1580 - Information System Documentation Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d61880dc-6e38-4f2a-a30c-3406a98f8220 Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1fa50212-51a9-471b-95cf-3a23410ec9e9 Microsoft Managed Control 1730 - Information Security Program Plan Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
eab340d0-3d55-4826-a0e5-feebfeb0131d Microsoft Managed Control 1542 - Risk Assessment Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5fd9ced5-18e8-4c09-91b7-3725680f8ade Microsoft Managed Control 1734 - Information Security Resources Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
66a56404-7b65-4e33-b371-28d069172dd4 Microsoft Managed Control 1743 - Risk Management Strategy Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
07458826-9325-4481-abaf-bc9ed043459d Microsoft Managed Control 1744 - Risk Management Strategy Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1c0b3710-03dc-450a-a56a-77b85e744f0d Microsoft Managed Control 1749 - Mission/Business Process Definition Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1b4d1c4e-934c-4703-944c-27c82c06bebb Diagnostic logs in Azure AI services resources should be enabled Azure Ai Services NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
59a7116d-19fd-49e9-a068-dec4460b97e5 Microsoft Managed Control 1731 - Information Security Program Plan Regulatory Compliance NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 Risk analysis & information system security policies [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
c6c43097-8552-4279-8b38-7dcabff781d3 Microsoft Managed Control 1819 - Accounting of Disclosures Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d39620a4-95c6-4d4f-8aa4-83c0c6a2c640 Microsoft Managed Control 1818 - Accounting of Disclosures Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8fb0966e-be1d-42c3-baca-60df5c0bcc61 Microsoft Managed Control 1668 - Flaw Remediation Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f751cdb7-fbee-406b-969b-815d367cb9b3 Microsoft Managed Control 1591 - External Information System Services | Identification Of Functions / Ports / Protocols... Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
45b7b644-5f91-498e-9d89-7402532d3645 Microsoft Managed Control 1578 - Acquisitions Process | Functions / Ports / Protocols / Services In Use Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f475ee0e-f560-4c9b-876b-04a77460a404 Microsoft Managed Control 1706 - Security Alerts & Advisories Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b26f8610-e615-47c2-abd6-c00b2b0b503a Microsoft Managed Control 1009 - Account Management Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
8356cfc6-507a-4d20-b818-08038011cd07 Microsoft Managed Control 1008 - Account Management Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5b626abc-26d4-4e22-9de8-3831818526b1 Microsoft Managed Control 1005 - Account Management Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
c17822dc-736f-4eb4-a97d-e6be662ff835 Microsoft Managed Control 1004 - Account Management Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
4e26f8c3-4bf3-4191-b8fc-d888805101b7 Microsoft Managed Control 1001 - Access Control Policy And Procedures Requirements Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
7e6a54f3-883f-43d5-87c4-172dfd64a1f5 Microsoft Managed Control 1011 - Account Management Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
f82e3639-fa2b-4e06-a786-932d8379b972 Microsoft Managed Control 1705 - Security Alerts & Advisories Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
784663a8-1eb0-418a-a98c-24d19bc1bb62 Microsoft Managed Control 1010 - Account Management Regulatory Compliance NIS2 PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 NIS2_PV._Posture_and_Vulnerability_Management_5 Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure [Preview]: NIS2 (32ff9e30-4725-4ca7-ba3a-904a7721ee87)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_CSF_v2.0 DE.AE NIST_CSF_v2.0_DE.AE 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_CSF_v2.0 DE.AE_03 NIST_CSF_v2.0_DE.AE_03 NIST CSF v2.0 DE.AE 03 Information is correlated from multiple sources. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_CSF_v2.0 DE.AE_06 NIST_CSF_v2.0_DE.AE_06 NIST CSF v2.0 DE.AE 06 Information on adverse events is provided to authorized staff and tools. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_CSF_v2.0 DE.CM NIST_CSF_v2.0_DE.CM 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_CSF_v2.0 DE.CM_03 NIST_CSF_v2.0_DE.CM_03 NIST CSF v2.0 DE.CM 03 Personnel activity and technology usage are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_CSF_v2.0 DE.CM_09 NIST_CSF_v2.0_DE.CM_09 NIST CSF v2.0 DE.CM 09 Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_CSF_v2.0 GV.OC_04 NIST_CSF_v2.0_GV.OC_04 NIST CSF v2.0 GV.OC 04 Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_CSF_v2.0 GV.SC_07 NIST_CSF_v2.0_GV.SC_07 NIST CSF v2.0 GV.SC 07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_CSF_v2.0 ID.AM_01 NIST_CSF_v2.0_ID.AM_01 NIST CSF v2.0 ID.AM 01 Inventories of hardware managed by the organization are maintained. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_CSF_v2.0 ID.RA_01 NIST_CSF_v2.0_ID.RA_01 NIST CSF v2.0 ID.RA 01 Vulnerabilities in assets are identified, validated, and recorded. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_CSF_v2.0 ID.RA_01 NIST_CSF_v2.0_ID.RA_01 NIST CSF v2.0 ID.RA 01 Vulnerabilities in assets are identified, validated, and recorded. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_CSF_v2.0 ID.RA_07 NIST_CSF_v2.0_ID.RA_07 NIST CSF v2.0 ID.RA 07 Changes and exceptions are managed, assessed for risk impact, recorded, and tracked. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_CSF_v2.0 ID.RA_07 NIST_CSF_v2.0_ID.RA_07 NIST CSF v2.0 ID.RA 07 Changes and exceptions are managed, assessed for risk impact, recorded, and tracked. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_CSF_v2.0 ID.RA_07 NIST_CSF_v2.0_ID.RA_07 NIST CSF v2.0 ID.RA 07 Changes and exceptions are managed, assessed for risk impact, recorded, and tracked. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_CSF_v2.0 ID.RA_07 NIST_CSF_v2.0_ID.RA_07 NIST CSF v2.0 ID.RA 07 Changes and exceptions are managed, assessed for risk impact, recorded, and tracked. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration NIST_CSF_v2.0 PR.AA NIST_CSF_v2.0_PR.AA 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NIST_CSF_v2.0 PR.AA NIST_CSF_v2.0_PR.AA 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NIST_CSF_v2.0 PR.AA NIST_CSF_v2.0_PR.AA 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_CSF_v2.0 PR.AA_01 NIST_CSF_v2.0_PR.AA_01 NIST CSF v2.0 PR.AA 01 Identities and credentials for authorized users, services, and hardware are managed by the organization. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_CSF_v2.0 PR.AA_01 NIST_CSF_v2.0_PR.AA_01 NIST CSF v2.0 PR.AA 01 Identities and credentials for authorized users, services, and hardware are managed by the organization. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_CSF_v2.0 PR.AA_01 NIST_CSF_v2.0_PR.AA_01 NIST CSF v2.0 PR.AA 01 Identities and credentials for authorized users, services, and hardware are managed by the organization. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NIST_CSF_v2.0 PR.AA_01 NIST_CSF_v2.0_PR.AA_01 NIST CSF v2.0 PR.AA 01 Identities and credentials for authorized users, services, and hardware are managed by the organization. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_CSF_v2.0 PR.AA_05 NIST_CSF_v2.0_PR.AA_05 NIST CSF v2.0 PR.AA 05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NIST_CSF_v2.0 PR.DS NIST_CSF_v2.0_PR.DS 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_CSF_v2.0 PR.DS_01 NIST_CSF_v2.0_PR.DS_01 NIST CSF v2.0 PR.DS 01 The confidentiality, integrity, and availability of data-at-rest are protected. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_CSF_v2.0 PR.DS_01 NIST_CSF_v2.0_PR.DS_01 NIST CSF v2.0 PR.DS 01 The confidentiality, integrity, and availability of data-at-rest are protected. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_CSF_v2.0 PR.DS_01 NIST_CSF_v2.0_PR.DS_01 NIST CSF v2.0 PR.DS 01 The confidentiality, integrity, and availability of data-at-rest are protected. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_CSF_v2.0 PR.DS_01 NIST_CSF_v2.0_PR.DS_01 NIST CSF v2.0 PR.DS 01 The confidentiality, integrity, and availability of data-at-rest are protected. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_CSF_v2.0 PR.DS_02 NIST_CSF_v2.0_PR.DS_02 NIST CSF v2.0 PR.DS 02 The confidentiality, integrity, and availability of data-in-transit are protected. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NIST_CSF_v2.0 PR.DS_02 NIST_CSF_v2.0_PR.DS_02 NIST CSF v2.0 PR.DS 02 The confidentiality, integrity, and availability of data-in-transit are protected. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NIST_CSF_v2.0 PR.PS_02 NIST_CSF_v2.0_PR.PS_02 NIST CSF v2.0 PR.PS 02 Software is maintained, replaced, and removed commensurate with risk. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NIST_CSF_v2.0 PR.PS_04 NIST_CSF_v2.0_PR.PS_04 NIST CSF v2.0 PR.PS 04 Log records are generated and made available for continuous monitoring. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center NIST_CSF_v2.0 PR.PS_04 NIST_CSF_v2.0_PR.PS_04 NIST CSF v2.0 PR.PS 04 Log records are generated and made available for continuous monitoring. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_CSF_v2.0 PR.PS_05 NIST_CSF_v2.0_PR.PS_05 NIST CSF v2.0 PR.PS 05 Installation and execution of unauthorized software are prevented. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_CSF_v2.0 RC.RP NIST_CSF_v2.0_RC.RP 404 not found NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_CSF_v2.0 RC.RP_04 NIST_CSF_v2.0_RC.RP_04 NIST CSF v2.0 RC.RP 04 Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_CSF_v2.0 RS.CO_02 NIST_CSF_v2.0_RS.CO_02 NIST CSF v2.0 RS.CO 02 Internal and external stakeholders are notified of incidents. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_CSF_v2.0 RS.CO_03 NIST_CSF_v2.0_RS.CO_03 NIST CSF v2.0 RS.CO 03 Information is shared with designated internal and external stakeholders. NIST CSF v2.0 (184a0e05-7b06-4a68-bbbe-13b8353bc613)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance NIST_SP_800-171_R2_3 .1.11 NIST_SP_800-171_R2_3.1.11 NIST SP 800-171 R2 3.1.11 Terminate (automatically) a user session after a defined condition. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-171_R2_3 .1.16 NIST_SP_800-171_R2_3.1.16 NIST SP 800-171 R2 3.1.16 Authorize wireless access prior to allowing such connections NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-171_R2_3 .1.16 NIST_SP_800-171_R2_3.1.16 NIST SP 800-171 R2 3.1.16 Authorize wireless access prior to allowing such connections NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-171_R2_3 .1.17 NIST_SP_800-171_R2_3.1.17 NIST SP 800-171 R2 3.1.17 Protect wireless access using authentication and encryption NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-171_R2_3 .1.17 NIST_SP_800-171_R2_3.1.17 NIST SP 800-171 R2 3.1.17 Protect wireless access using authentication and encryption NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-171_R2_3 .1.17 NIST_SP_800-171_R2_3.1.17 NIST SP 800-171 R2 3.1.17 Protect wireless access using authentication and encryption NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-171_R2_3 .1.18 NIST_SP_800-171_R2_3.1.18 NIST SP 800-171 R2 3.1.18 Control connection of mobile devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-171_R2_3 .1.19 NIST_SP_800-171_R2_3.1.19 NIST SP 800-171 R2 3.1.19 Encrypt CUI on mobile devices and mobile computing platforms NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .1.19 NIST_SP_800-171_R2_3.1.19 NIST SP 800-171 R2 3.1.19 Encrypt CUI on mobile devices and mobile computing platforms NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance NIST_SP_800-171_R2_3 .1.20 NIST_SP_800-171_R2_3.1.20 NIST SP 800-171 R2 3.1.20 Verify and control/limit connections to and use of external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance NIST_SP_800-171_R2_3 .1.20 NIST_SP_800-171_R2_3.1.20 NIST SP 800-171 R2 3.1.20 Verify and control/limit connections to and use of external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .1.21 NIST_SP_800-171_R2_3.1.21 NIST SP 800-171 R2 3.1.21 Limit use of portable storage devices on external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-171_R2_3 .1.21 NIST_SP_800-171_R2_3.1.21 NIST SP 800-171 R2 3.1.21 Limit use of portable storage devices on external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .1.21 NIST_SP_800-171_R2_3.1.21 NIST SP 800-171 R2 3.1.21 Limit use of portable storage devices on external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance NIST_SP_800-171_R2_3 .1.8 NIST_SP_800-171_R2_3.1.8 NIST SP 800-171 R2 3.1.8 Limit unsuccessful logon attempts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.1 NIST_SP_800-171_R2_3.10.1 NIST SP 800-171 R2 3.10.1 Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-171_R2_3 .10.2 NIST_SP_800-171_R2_3.10.2 NIST SP 800-171 R2 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance NIST_SP_800-171_R2_3 .10.2 NIST_SP_800-171_R2_3.10.2 NIST SP 800-171 R2 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.3 NIST_SP_800-171_R2_3.10.3 NIST SP 800-171 R2 3.10.3 Escort visitors and monitor visitor activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-171_R2_3 .10.3 NIST_SP_800-171_R2_3.10.3 NIST SP 800-171 R2 3.10.3 Escort visitors and monitor visitor activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.4 NIST_SP_800-171_R2_3.10.4 NIST SP 800-171 R2 3.10.4 Maintain audit logs of physical access. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-171_R2_3 .10.6 NIST_SP_800-171_R2_3.10.6 NIST SP 800-171 R2 3.10.6 Enforce safeguarding measures for CUI at alternate work sites. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-171_R2_3 .11.1 NIST_SP_800-171_R2_3.11.1 NIST SP 800-171 R2 3.11.1 Periodically assess the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-171_R2_3 .11.1 NIST_SP_800-171_R2_3.11.1 NIST SP 800-171 R2 3.11.1 Periodically assess the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-171_R2_3 .13.11 NIST_SP_800-171_R2_3.13.11 NIST SP 800-171 R2 3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance NIST_SP_800-171_R2_3 .13.12 NIST_SP_800-171_R2_3.13.12 NIST SP 800-171 R2 3.13.12 Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance NIST_SP_800-171_R2_3 .13.12 NIST_SP_800-171_R2_3.13.12 NIST SP 800-171 R2 3.13.12 Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-171_R2_3 .13.13 NIST_SP_800-171_R2_3.13.13 NIST SP 800-171 R2 3.13.13 Control and monitor the use of mobile code. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance NIST_SP_800-171_R2_3 .13.13 NIST_SP_800-171_R2_3.13.13 NIST SP 800-171 R2 3.13.13 Control and monitor the use of mobile code. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance NIST_SP_800-171_R2_3 .13.13 NIST_SP_800-171_R2_3.13.13 NIST SP 800-171 R2 3.13.13 Control and monitor the use of mobile code. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-171_R2_3 .13.14 NIST_SP_800-171_R2_3.13.14 NIST SP 800-171 R2 3.13.14 Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance NIST_SP_800-171_R2_3 .13.14 NIST_SP_800-171_R2_3.13.14 NIST SP 800-171 R2 3.13.14 Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance NIST_SP_800-171_R2_3 .13.15 NIST_SP_800-171_R2_3.13.15 NIST SP 800-171 R2 3.13.15 Protect the authenticity of communications sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-171_R2_3 .13.15 NIST_SP_800-171_R2_3.13.15 NIST SP 800-171 R2 3.13.15 Protect the authenticity of communications sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance NIST_SP_800-171_R2_3 .13.3 NIST_SP_800-171_R2_3.13.3 NIST SP 800-171 R2 3.13.3 Separate user functionality from system management functionality. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance NIST_SP_800-171_R2_3 .13.3 NIST_SP_800-171_R2_3.13.3 NIST SP 800-171 R2 3.13.3 Separate user functionality from system management functionality. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-171_R2_3 .13.3 NIST_SP_800-171_R2_3.13.3 NIST SP 800-171 R2 3.13.3 Separate user functionality from system management functionality. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance NIST_SP_800-171_R2_3 .13.7 NIST_SP_800-171_R2_3.13.7 NIST SP 800-171 R2 3.13.7 Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance NIST_SP_800-171_R2_3 .13.9 NIST_SP_800-171_R2_3.13.9 NIST SP 800-171 R2 3.13.9 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance NIST_SP_800-171_R2_3 .2.1 NIST_SP_800-171_R2_3.2.1 NIST SP 800-171 R2 3.2.1 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards,& procedures related to the security of those systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance NIST_SP_800-171_R2_3 .2.1 NIST_SP_800-171_R2_3.2.1 NIST SP 800-171 R2 3.2.1 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards,& procedures related to the security of those systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance NIST_SP_800-171_R2_3 .2.2 NIST_SP_800-171_R2_3.2.2 NIST SP 800-171 R2 3.2.2 Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance NIST_SP_800-171_R2_3 .2.2 NIST_SP_800-171_R2_3.2.2 NIST SP 800-171 R2 3.2.2 Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance NIST_SP_800-171_R2_3 .2.3 NIST_SP_800-171_R2_3.2.3 NIST SP 800-171 R2 3.2.3 Provide security awareness training on recognizing and reporting potential indicators of insider threat. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance NIST_SP_800-171_R2_3 .2.3 NIST_SP_800-171_R2_3.2.3 NIST SP 800-171 R2 3.2.3 Provide security awareness training on recognizing and reporting potential indicators of insider threat. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance NIST_SP_800-171_R2_3 .3.3 NIST_SP_800-171_R2_3.3.3 NIST SP 800-171 R2 3.3.3 Review and update logged events. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.7 NIST_SP_800-171_R2_3.3.7 NIST SP 800-171 R2 3.3.7 Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-171_R2_3 .3.9 NIST_SP_800-171_R2_3.3.9 NIST SP 800-171 R2 3.3.9 Limit management of audit logging functionality to a subset of privileged users. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .4.6 NIST_SP_800-171_R2_3.4.6 NIST SP 800-171 R2 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance NIST_SP_800-171_R2_3 .5.11 NIST_SP_800-171_R2_3.5.11 NIST SP 800-171 R2 3.5.11 Obscure feedback of authentication information NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R2_3 .5.4 NIST_SP_800-171_R2_3.5.4 NIST SP 800-171 R2 3.5.4 Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .6.2 NIST_SP_800-171_R2_3.6.2 NIST SP 800-171 R2 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R2_3 .6.2 NIST_SP_800-171_R2_3.6.2 NIST SP 800-171 R2 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .6.2 NIST_SP_800-171_R2_3.6.2 NIST SP 800-171 R2 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-171_R2_3 .6.3 NIST_SP_800-171_R2_3.6.3 NIST SP 800-171 R2 3.6.3 Test the organizational incident response capability. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-171_R2_3 .6.3 NIST_SP_800-171_R2_3.6.3 NIST SP 800-171 R2 3.6.3 Test the organizational incident response capability. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-171_R2_3 .6.3 NIST_SP_800-171_R2_3.6.3 NIST SP 800-171 R2 3.6.3 Test the organizational incident response capability. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.1 NIST_SP_800-171_R2_3.7.1 NIST SP 800-171 R2 3.7.1 Perform maintenance on organizational systems.[26]. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .7.3 NIST_SP_800-171_R2_3.7.3 NIST SP 800-171 R2 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.3 NIST_SP_800-171_R2_3.7.3 NIST SP 800-171 R2 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .7.3 NIST_SP_800-171_R2_3.7.3 NIST SP 800-171 R2 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.4 NIST_SP_800-171_R2_3.7.4 NIST SP 800-171 R2 3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.4 NIST_SP_800-171_R2_3.7.4 NIST SP 800-171 R2 3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.5 NIST_SP_800-171_R2_3.7.5 NIST SP 800-171 R2 3.7.5 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance NIST_SP_800-171_R2_3 .7.6 NIST_SP_800-171_R2_3.7.6 NIST SP 800-171 R2 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance NIST_SP_800-171_R2_3 .7.6 NIST_SP_800-171_R2_3.7.6 NIST SP 800-171 R2 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.6 NIST_SP_800-171_R2_3.7.6 NIST SP 800-171 R2 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.1 NIST_SP_800-171_R2_3.8.1 NIST SP 800-171 R2 3.8.1 Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .8.1 NIST_SP_800-171_R2_3.8.1 NIST SP 800-171 R2 3.8.1 Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.2 NIST_SP_800-171_R2_3.8.2 NIST SP 800-171 R2 3.8.2 Limit access to CUI on system media to authorized users NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .8.2 NIST_SP_800-171_R2_3.8.2 NIST SP 800-171 R2 3.8.2 Limit access to CUI on system media to authorized users NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .8.3 NIST_SP_800-171_R2_3.8.3 NIST SP 800-171 R2 3.8.3 Sanitize or destroy system media containing CUI before disposal or release for reuse. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.3 NIST_SP_800-171_R2_3.8.3 NIST SP 800-171 R2 3.8.3 Sanitize or destroy system media containing CUI before disposal or release for reuse. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.4 NIST_SP_800-171_R2_3.8.4 NIST SP 800-171 R2 3.8.4 Mark media with necessary CUI markings and distribution limitations.[27] NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-171_R2_3 .8.5 NIST_SP_800-171_R2_3.8.5 NIST SP 800-171 R2 3.8.5 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.5 NIST_SP_800-171_R2_3.8.5 NIST SP 800-171 R2 3.8.5 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-171_R2_3 .8.6 NIST_SP_800-171_R2_3.8.6 NIST SP 800-171 R2 3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.6 NIST_SP_800-171_R2_3.8.6 NIST SP 800-171 R2 3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance NIST_SP_800-171_R2_3 .9.1 NIST_SP_800-171_R2_3.9.1 NIST SP 800-171 R2 3.9.1 Screen individuals prior to authorizing access to organizational systems containing CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance NIST_SP_800-171_R2_3 .9.1 NIST_SP_800-171_R2_3.9.1 NIST SP 800-171 R2 3.9.1 Screen individuals prior to authorizing access to organizational systems containing CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIST_SP_800-171_R3_3 .1.1 NIST_SP_800-171_R3_3.1.1 NIST 800-171 R3 3.1.1 Account Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .1.12 NIST_SP_800-171_R3_3.1.12 NIST 800-171 R3 3.1.12 Remote Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-171_R3_3 .1.16 NIST_SP_800-171_R3_3.1.16 NIST 800-171 R3 3.1.16 Wireless Access NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-171_R3_3 .1.18 NIST_SP_800-171_R3_3.1.18 NIST 800-171 R3 3.1.18 Access Control for Mobile Devices NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .1.2 NIST_SP_800-171_R3_3.1.2 NIST 800-171 R3 3.1.2 Access Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .1.3 NIST_SP_800-171_R3_3.1.3 NIST 800-171 R3 3.1.3 Information Flow Enforcement NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R3_3 .1.5 NIST_SP_800-171_R3_3.1.5 NIST 800-171 R3 3.1.5 Least Privilege NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-171_R3_3 .1.6 NIST_SP_800-171_R3_3.1.6 NIST 800-171 R3 3.1.6 Least Privilege – Privileged Accounts NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .1.7 NIST_SP_800-171_R3_3.1.7 NIST 800-171 R3 3.1.7 Least Privilege – Privileged Functions NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R3_3 .1.7 NIST_SP_800-171_R3_3.1.7 NIST 800-171 R3 3.1.7 Least Privilege – Privileged Functions NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .1.7 NIST_SP_800-171_R3_3.1.7 NIST 800-171 R3 3.1.7 Least Privilege – Privileged Functions NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-171_R3_3 .11.2 NIST_SP_800-171_R3_3.11.2 NIST 800-171 R3 3.11.2 Vulnerability Monitoring and Scanning NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R3_3 .12.3 NIST_SP_800-171_R3_3.12.3 NIST 800-171 R3 3.12.3 Continuous Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-171_R3_3 .12.5 NIST_SP_800-171_R3_3.12.5 NIST 800-171 R3 3.12.5 Information Exchange NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R3_3 .13.1 NIST_SP_800-171_R3_3.13.1 NIST 800-171 R3 3.13.1 Boundary Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NIST_SP_800-171_R3_3 .13.10 NIST_SP_800-171_R3_3.13.10 NIST 800-171 R3 3.13.10 Cryptographic Key Establishment and Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NIST_SP_800-171_R3_3 .13.11 NIST_SP_800-171_R3_3.13.11 NIST 800-171 R3 3.13.11 Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R3_3 .13.13 NIST_SP_800-171_R3_3.13.13 NIST 800-171 R3 3.13.13 Mobile Code NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R3_3 .13.15 NIST_SP_800-171_R3_3.13.15 NIST 800-171 R3 3.13.15 Session Authenticity NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .13.15 NIST_SP_800-171_R3_3.13.15 NIST 800-171 R3 3.13.15 Session Authenticity NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R3_3 .13.6 NIST_SP_800-171_R3_3.13.6 NIST 800-171 R3 3.13.6 Network Communications – Deny by Default – Allow by Exception NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R3_3 .13.6 NIST_SP_800-171_R3_3.13.6 NIST 800-171 R3 3.13.6 Network Communications – Deny by Default – Allow by Exception NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NIST_SP_800-171_R3_3 .13.6 NIST_SP_800-171_R3_3.13.6 NIST 800-171 R3 3.13.6 Network Communications – Deny by Default – Allow by Exception NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NIST_SP_800-171_R3_3 .13.6 NIST_SP_800-171_R3_3.13.6 NIST 800-171 R3 3.13.6 Network Communications – Deny by Default – Allow by Exception NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 Transmission and Storage Confidentiality NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .13.9 NIST_SP_800-171_R3_3.13.9 NIST 800-171 R3 3.13.9 Network Disconnect NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NIST_SP_800-171_R3_3 .14.1 NIST_SP_800-171_R3_3.14.1 NIST 800-171 R3 3.14.1 Flaw Remediation NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R3_3 .14.2 NIST_SP_800-171_R3_3.14.2 NIST 800-171 R3 3.14.2 Malicious Code Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-171_R3_3 .14.6 NIST_SP_800-171_R3_3.14.6 NIST 800-171 R3 3.14.6 System Monitoring NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NIST_SP_800-171_R3_3 .14.8 NIST_SP_800-171_R3_3.14.8 NIST 800-171 R3 3.14.8 Information Management and Retention NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R3_3 .15.2 NIST_SP_800-171_R3_3.15.2 NIST 800-171 R3 3.15.2 System Security Plan NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .15.2 NIST_SP_800-171_R3_3.15.2 NIST 800-171 R3 3.15.2 System Security Plan NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-171_R3_3 .15.2 NIST_SP_800-171_R3_3.15.2 NIST 800-171 R3 3.15.2 System Security Plan NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NIST_SP_800-171_R3_3 .15.3 NIST_SP_800-171_R3_3.15.3 NIST 800-171 R3 3.15.3 Rules of Behavior NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_SP_800-171_R3_3 .15.3 NIST_SP_800-171_R3_3.15.3 NIST 800-171 R3 3.15.3 Rules of Behavior NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-171_R3_3 .15.3 NIST_SP_800-171_R3_3.15.3 NIST 800-171 R3 3.15.3 Rules of Behavior NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .15.3 NIST_SP_800-171_R3_3.15.3 NIST 800-171 R3 3.15.3 Rules of Behavior NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .16.2 NIST_SP_800-171_R3_3.16.2 NIST 800-171 R3 3.16.2 Unsupported System Components NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .17.1 NIST_SP_800-171_R3_3.17.1 NIST 800-171 R3 3.17.1 Supply Chain Risk Management Plan NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R3_3 .17.1 NIST_SP_800-171_R3_3.17.1 NIST 800-171 R3 3.17.1 Supply Chain Risk Management Plan NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-171_R3_3 .17.1 NIST_SP_800-171_R3_3.17.1 NIST 800-171 R3 3.17.1 Supply Chain Risk Management Plan NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R3_3 .2.1 NIST_SP_800-171_R3_3.2.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R3_3 .2.1 NIST_SP_800-171_R3_3.2.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R3_3 .3.1 NIST_SP_800-171_R3_3.3.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NIST_SP_800-171_R3_3 .3.2 NIST_SP_800-171_R3_3.3.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NIST_SP_800-171_R3_3 .3.3 NIST_SP_800-171_R3_3.3.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .3.4 NIST_SP_800-171_R3_3.3.4 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NIST_SP_800-171_R3_3 .3.5 NIST_SP_800-171_R3_3.3.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-171_R3_3 .3.6 NIST_SP_800-171_R3_3.3.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NIST_SP_800-171_R3_3 .3.7 NIST_SP_800-171_R3_3.3.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R3_3 .3.8 NIST_SP_800-171_R3_3.3.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NIST_SP_800-171_R3_3 .3.8 NIST_SP_800-171_R3_3.3.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .3.8 NIST_SP_800-171_R3_3.3.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-171_R3_3 .3.8 NIST_SP_800-171_R3_3.3.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute NIST_SP_800-171_R3_3 .4.1 NIST_SP_800-171_R3_3.4.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-171_R3_3 .4.10 NIST_SP_800-171_R3_3.4.10 NIST 800-171 R3 3.4.10 System Component Inventory NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-171_R3_3 .4.2 NIST_SP_800-171_R3_3.4.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R3_3 .4.3 NIST_SP_800-171_R3_3.4.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R3_3 .4.4 NIST_SP_800-171_R3_3.4.4 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-171_R3_3 .4.4 NIST_SP_800-171_R3_3.4.4 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .4.5 NIST_SP_800-171_R3_3.4.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-171_R3_3 .4.5 NIST_SP_800-171_R3_3.4.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .4.5 NIST_SP_800-171_R3_3.4.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-171_R3_3 .4.6 NIST_SP_800-171_R3_3.4.6 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-171_R3_3 .4.8 NIST_SP_800-171_R3_3.4.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-171_R3_3 .4.8 NIST_SP_800-171_R3_3.4.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NIST_SP_800-171_R3_3 .4.8 NIST_SP_800-171_R3_3.4.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-171_R3_3 .4.8 NIST_SP_800-171_R3_3.4.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NIST_SP_800-171_R3_3 .4.8 NIST_SP_800-171_R3_3.4.8 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R3_3 .5.1 NIST_SP_800-171_R3_3.5.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .5.12 NIST_SP_800-171_R3_3.5.12 NIST 800-171 R3 3.5.12 Authenticator Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .5.12 NIST_SP_800-171_R3_3.5.12 NIST 800-171 R3 3.5.12 Authenticator Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R3_3 .5.12 NIST_SP_800-171_R3_3.5.12 NIST 800-171 R3 3.5.12 Authenticator Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .5.12 NIST_SP_800-171_R3_3.5.12 NIST 800-171 R3 3.5.12 Authenticator Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NIST_SP_800-171_R3_3 .5.12 NIST_SP_800-171_R3_3.5.12 NIST 800-171 R3 3.5.12 Authenticator Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-171_R3_3 .5.12 NIST_SP_800-171_R3_3.5.12 NIST 800-171 R3 3.5.12 Authenticator Management NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .5.2 NIST_SP_800-171_R3_3.5.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-171_R3_3 .5.3 NIST_SP_800-171_R3_3.5.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R3_3 .5.5 NIST_SP_800-171_R3_3.5.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NIST_SP_800-171_R3_3 .5.7 NIST_SP_800-171_R3_3.5.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .5.7 NIST_SP_800-171_R3_3.5.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R3_3 .5.7 NIST_SP_800-171_R3_3.5.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R3_3 .5.7 NIST_SP_800-171_R3_3.5.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-171_R3_3 .5.7 NIST_SP_800-171_R3_3.5.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NIST_SP_800-171_R3_3 .5.7 NIST_SP_800-171_R3_3.5.7 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .6.1 NIST_SP_800-171_R3_3.6.1 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-171_R3_3 .6.2 NIST_SP_800-171_R3_3.6.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R3_3 .6.2 NIST_SP_800-171_R3_3.6.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R3_3 .6.2 NIST_SP_800-171_R3_3.6.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-171_R3_3 .6.5 NIST_SP_800-171_R3_3.6.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R3_3 .6.5 NIST_SP_800-171_R3_3.6.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R3_3 .6.5 NIST_SP_800-171_R3_3.6.5 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NIST_SP_800-171_R3_3 .8.2 NIST_SP_800-171_R3_3.8.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-171_R3_3 .8.2 NIST_SP_800-171_R3_3.8.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-171_R3_3 .8.2 NIST_SP_800-171_R3_3.8.2 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-171_R3_3 .8.3 NIST_SP_800-171_R3_3.8.3 404 not found NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-171_R3_3 .8.9 NIST_SP_800-171_R3_3.8.9 NIST 800-171 R3 3.8.9 System Backup – Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-171_R3_3 .8.9 NIST_SP_800-171_R3_3.8.9 NIST 800-171 R3 3.8.9 System Backup – Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-171_R3_3 .8.9 NIST_SP_800-171_R3_3.8.9 NIST 800-171 R3 3.8.9 System Backup – Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-171_R3_3 .8.9 NIST_SP_800-171_R3_3.8.9 NIST 800-171 R3 3.8.9 System Backup – Cryptographic Protection NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-171_R3_3 .9.2 NIST_SP_800-171_R3_3.9.2 NIST 800-171 R3 3.9.2 Personnel Termination and Transfer NIST 800-171 R3 (38916c43-6876-4971-a4b1-806aa7e55ccc)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance NIST_SP_800-53_R4 AC-10 NIST_SP_800-53_R4_AC-10 NIST SP 800-53 Rev. 4 AC-10 Concurrent Session Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance NIST_SP_800-53_R4 AC-12 NIST_SP_800-53_R4_AC-12 NIST SP 800-53 Rev. 4 AC-12 Session Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message Regulatory Compliance NIST_SP_800-53_R4 AC-12(1) NIST_SP_800-53_R4_AC-12(1) NIST SP 800-53 Rev. 4 AC-12 (1) User-Initiated Logouts / Message Displays NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability Regulatory Compliance NIST_SP_800-53_R4 AC-12(1) NIST_SP_800-53_R4_AC-12(1) NIST SP 800-53 Rev. 4 AC-12 (1) User-Initiated Logouts / Message Displays NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance NIST_SP_800-53_R4 AC-14 NIST_SP_800-53_R4_AC-14 NIST SP 800-53 Rev. 4 AC-14 Permitted Actions Without Identification Or Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AC-16 NIST_SP_800-53_R4_AC-16 NIST SP 800-53 Rev. 4 AC-16 Security Attributes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AC-16 NIST_SP_800-53_R4_AC-16 NIST SP 800-53 Rev. 4 AC-16 Security Attributes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance NIST_SP_800-53_R4 AC-17(2) NIST_SP_800-53_R4_AC-17(2) NIST SP 800-53 Rev. 4 AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 AC-17(2) NIST_SP_800-53_R4_AC-17(2) NIST SP 800-53 Rev. 4 AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R4 AC-17(3) NIST_SP_800-53_R4_AC-17(3) NIST SP 800-53 Rev. 4 AC-17 (3) Managed Access Control Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance NIST_SP_800-53_R4 AC-17(9) NIST_SP_800-53_R4_AC-17(9) NIST SP 800-53 Rev. 4 AC-17 (9) Disconnect / Disable Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R4 AC-18 NIST_SP_800-53_R4_AC-18 NIST SP 800-53 Rev. 4 AC-18 Wireless Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-18 NIST_SP_800-53_R4_AC-18 NIST SP 800-53 Rev. 4 AC-18 Wireless Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-18(1) NIST_SP_800-53_R4_AC-18(1) NIST SP 800-53 Rev. 4 AC-18 (1) Authentication And Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R4 AC-18(1) NIST_SP_800-53_R4_AC-18(1) NIST SP 800-53 Rev. 4 AC-18 (1) Authentication And Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-53_R4 AC-18(1) NIST_SP_800-53_R4_AC-18(1) NIST SP 800-53 Rev. 4 AC-18 (1) Authentication And Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R4 AC-19 NIST_SP_800-53_R4_AC-19 NIST SP 800-53 Rev. 4 AC-19 Access Control For Mobile Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R4 AC-19(5) NIST_SP_800-53_R4_AC-19(5) NIST SP 800-53 Rev. 4 AC-19 (5) Full Device / Container-Based Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 AC-19(5) NIST_SP_800-53_R4_AC-19(5) NIST SP 800-53 Rev. 4 AC-19 (5) Full Device / Container-Based Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance NIST_SP_800-53_R4 AC-2(10) NIST_SP_800-53_R4_AC-2(10) NIST SP 800-53 Rev. 4 AC-2 (10) Shared / Group Account Credential Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(11) NIST_SP_800-53_R4_AC-2(11) NIST SP 800-53 Rev. 4 AC-2 (11) Usage Conditions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance NIST_SP_800-53_R4 AC-2(13) NIST_SP_800-53_R4_AC-2(13) NIST SP 800-53 Rev. 4 AC-2 (13) Disable Accounts For High-Risk Individuals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R4 AC-2(3) NIST_SP_800-53_R4_AC-2(3) NIST SP 800-53 Rev. 4 AC-2 (3) Disable Inactive Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R4 AC-2(3) NIST_SP_800-53_R4_AC-2(3) NIST SP 800-53 Rev. 4 AC-2 (3) Disable Inactive Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance NIST_SP_800-53_R4 AC-2(5) NIST_SP_800-53_R4_AC-2(5) NIST SP 800-53 Rev. 4 AC-2 (5) Inactivity Logout NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(9) NIST_SP_800-53_R4_AC-2(9) NIST SP 800-53 Rev. 4 AC-2 (9) Restrictions On Use Of Shared Groups / Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance NIST_SP_800-53_R4 AC-20 NIST_SP_800-53_R4_AC-20 NIST SP 800-53 Rev. 4 AC-20 Use Of External Information Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance NIST_SP_800-53_R4 AC-20 NIST_SP_800-53_R4_AC-20 NIST SP 800-53 Rev. 4 AC-20 Use Of External Information Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance NIST_SP_800-53_R4 AC-20(1) NIST_SP_800-53_R4_AC-20(1) NIST SP 800-53 Rev. 4 AC-20 (1) Limits On Authorized Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R4 AC-20(2) NIST_SP_800-53_R4_AC-20(2) NIST SP 800-53 Rev. 4 AC-20 (2) Portable Storage Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 AC-20(2) NIST_SP_800-53_R4_AC-20(2) NIST SP 800-53 Rev. 4 AC-20 (2) Portable Storage Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 AC-20(2) NIST_SP_800-53_R4_AC-20(2) NIST SP 800-53 Rev. 4 AC-20 (2) Portable Storage Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance NIST_SP_800-53_R4 AC-21 NIST_SP_800-53_R4_AC-21 NIST SP 800-53 Rev. 4 AC-21 Information Sharing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance NIST_SP_800-53_R4 AC-21 NIST_SP_800-53_R4_AC-21 NIST SP 800-53 Rev. 4 AC-21 Information Sharing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center NIST_SP_800-53_R4 AC-3(7) NIST_SP_800-53_R4_AC-3(7) NIST SP 800-53 Rev. 4 AC-3 (7) Role-based Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 AC-4(3) NIST_SP_800-53_R4_AC-4(3) NIST SP 800-53 Rev. 4 AC-4 (3) Dynamic Information Flow Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance NIST_SP_800-53_R4 AC-4(8) NIST_SP_800-53_R4_AC-4(8) NIST SP 800-53 Rev. 4 AC-4 (8) Security Policy Filters NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R4 AC-6(1) NIST_SP_800-53_R4_AC-6(1) NIST SP 800-53 Rev. 4 AC-6 (1) Authorize Access To Security Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R4 AC-6(1) NIST_SP_800-53_R4_AC-6(1) NIST SP 800-53 Rev. 4 AC-6 (1) Authorize Access To Security Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R4 AC-6(1) NIST_SP_800-53_R4_AC-6(1) NIST SP 800-53 Rev. 4 AC-6 (1) Authorize Access To Security Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-6(5) NIST_SP_800-53_R4_AC-6(5) NIST SP 800-53 Rev. 4 AC-6 (5) Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance NIST_SP_800-53_R4 AC-6(8) NIST_SP_800-53_R4_AC-6(8) NIST SP 800-53 Rev. 4 AC-6 (8) Privilege Levels For Code Execution NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance NIST_SP_800-53_R4 AC-7 NIST_SP_800-53_R4_AC-7 NIST SP 800-53 Rev. 4 AC-7 Unsuccessful Logon Attempts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R4 AT-1 NIST_SP_800-53_R4_AT-1 NIST SP 800-53 Rev. 4 AT-1 Security Awareness And Training Policy Andprocedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R4 AT-1 NIST_SP_800-53_R4_AT-1 NIST SP 800-53 Rev. 4 AT-1 Security Awareness And Training Policy Andprocedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance NIST_SP_800-53_R4 AT-2 NIST_SP_800-53_R4_AT-2 NIST SP 800-53 Rev. 4 AT-2 Security Awareness Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance NIST_SP_800-53_R4 AT-2 NIST_SP_800-53_R4_AT-2 NIST SP 800-53 Rev. 4 AT-2 Security Awareness Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance NIST_SP_800-53_R4 AT-2 NIST_SP_800-53_R4_AT-2 NIST SP 800-53 Rev. 4 AT-2 Security Awareness Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance NIST_SP_800-53_R4 AT-2(2) NIST_SP_800-53_R4_AT-2(2) NIST SP 800-53 Rev. 4 AT-2 (2) Insider Threat NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance NIST_SP_800-53_R4 AT-3 NIST_SP_800-53_R4_AT-3 NIST SP 800-53 Rev. 4 AT-3 Role-Based Security Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance NIST_SP_800-53_R4 AT-3 NIST_SP_800-53_R4_AT-3 NIST SP 800-53 Rev. 4 AT-3 Role-Based Security Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance NIST_SP_800-53_R4 AT-3 NIST_SP_800-53_R4_AT-3 NIST SP 800-53 Rev. 4 AT-3 Role-Based Security Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance NIST_SP_800-53_R4 AT-3(3) NIST_SP_800-53_R4_AT-3(3) NIST SP 800-53 Rev. 4 AT-3 (3) Practical Exercises NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance NIST_SP_800-53_R4 AT-3(4) NIST_SP_800-53_R4_AT-3(4) NIST SP 800-53 Rev. 4 AT-3 (4) Suspicious Communications And Anomalous System Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R4 AT-4 NIST_SP_800-53_R4_AT-4 NIST SP 800-53 Rev. 4 AT-4 Security Training Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance NIST_SP_800-53_R4 AT-4 NIST_SP_800-53_R4_AT-4 NIST SP 800-53 Rev. 4 AT-4 Security Training Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance NIST_SP_800-53_R4 AT-4 NIST_SP_800-53_R4_AT-4 NIST SP 800-53 Rev. 4 AT-4 Security Training Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance NIST_SP_800-53_R4 AU-10 NIST_SP_800-53_R4_AU-10 NIST SP 800-53 Rev. 4 AU-10 Non-Repudiation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources Regulatory Compliance NIST_SP_800-53_R4 AU-12(3) NIST_SP_800-53_R4_AU-12(3) NIST SP 800-53 Rev. 4 AU-12 (3) Changes By Authorized Individuals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 AU-2 NIST_SP_800-53_R4_AU-2 NIST SP 800-53 Rev. 4 AU-2 Audit Events NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance NIST_SP_800-53_R4 AU-2(3) NIST_SP_800-53_R4_AU-2(3) NIST SP 800-53 Rev. 4 AU-2 (3) Reviews And Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 AU-3 NIST_SP_800-53_R4_AU-3 NIST SP 800-53 Rev. 4 AU-3 Content Of Audit Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance NIST_SP_800-53_R4 AU-3(1) NIST_SP_800-53_R4_AU-3(1) NIST SP 800-53 Rev. 4 AU-3 (1) Additional Audit Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R4 AU-4 NIST_SP_800-53_R4_AU-4 NIST SP 800-53 Rev. 4 AU-4 Audit Storage Capacity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R4 AU-5 NIST_SP_800-53_R4_AU-5 NIST SP 800-53 Rev. 4 AU-5 Response To Audit Processing Failures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance NIST_SP_800-53_R4 AU-5(2) NIST_SP_800-53_R4_AU-5(2) NIST SP 800-53 Rev. 4 AU-5 (2) Real-Time Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6(10) NIST_SP_800-53_R4_AU-6(10) NIST SP 800-53 Rev. 4 AU-6 (10) Audit Level Adjustment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 AU-6(3) NIST_SP_800-53_R4_AU-6(3) NIST SP 800-53 Rev. 4 AU-6 (3) Correlate Audit Repositories NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 AU-6(3) NIST_SP_800-53_R4_AU-6(3) NIST SP 800-53 Rev. 4 AU-6 (3) Correlate Audit Repositories NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance NIST_SP_800-53_R4 AU-6(7) NIST_SP_800-53_R4_AU-6(7) NIST SP 800-53 Rev. 4 AU-6 (7) Permitted Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance NIST_SP_800-53_R4 AU-7 NIST_SP_800-53_R4_AU-7 NIST SP 800-53 Rev. 4 AU-7 Audit Reduction And Report Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance NIST_SP_800-53_R4 AU-7 NIST_SP_800-53_R4_AU-7 NIST SP 800-53 Rev. 4 AU-7 Audit Reduction And Report Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance NIST_SP_800-53_R4 AU-7(1) NIST_SP_800-53_R4_AU-7(1) NIST SP 800-53 Rev. 4 AU-7 (1) Automatic Processing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-53_R4 AU-8 NIST_SP_800-53_R4_AU-8 NIST SP 800-53 Rev. 4 AU-8 Time Stamps NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-53_R4 AU-8(1) NIST_SP_800-53_R4_AU-8(1) NIST SP 800-53 Rev. 4 AU-8 (1) Synchronization With Authoritative Time Source NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance NIST_SP_800-53_R4 AU-9 NIST_SP_800-53_R4_AU-9 NIST SP 800-53 Rev. 4 AU-9 Protection Of Audit Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R4 AU-9 NIST_SP_800-53_R4_AU-9 NIST SP 800-53 Rev. 4 AU-9 Protection Of Audit Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-9(2) NIST_SP_800-53_R4_AU-9(2) NIST SP 800-53 Rev. 4 AU-9 (2) Audit Backup On Separate Physical Systems / Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance NIST_SP_800-53_R4 AU-9(3) NIST_SP_800-53_R4_AU-9(3) NIST SP 800-53 Rev. 4 AU-9 (3) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R4 AU-9(4) NIST_SP_800-53_R4_AU-9(4) NIST SP 800-53 Rev. 4 AU-9 (4) Access By Subset Of Privileged Users NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CA-1 NIST_SP_800-53_R4_CA-1 NIST SP 800-53 Rev. 4 CA-1 Security Assessment And Authorization Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance NIST_SP_800-53_R4 CA-2(1) NIST_SP_800-53_R4_CA-2(1) NIST SP 800-53 Rev. 4 CA-2 (1) Independent Assessors NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance NIST_SP_800-53_R4 CA-2(2) NIST_SP_800-53_R4_CA-2(2) NIST SP 800-53 Rev. 4 CA-2 (2) Specialized Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance NIST_SP_800-53_R4 CA-2(3) NIST_SP_800-53_R4_CA-2(3) NIST SP 800-53 Rev. 4 CA-2 (3) External Organizations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance NIST_SP_800-53_R4 CA-3 NIST_SP_800-53_R4_CA-3 NIST SP 800-53 Rev. 4 CA-3 System Interconnections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance NIST_SP_800-53_R4 CA-3 NIST_SP_800-53_R4_CA-3 NIST SP 800-53 Rev. 4 CA-3 System Interconnections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 CA-3(3) NIST_SP_800-53_R4_CA-3(3) NIST SP 800-53 Rev. 4 CA-3 (3) Unclassified Non-National Security System Connections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance NIST_SP_800-53_R4 CA-3(5) NIST_SP_800-53_R4_CA-3(5) NIST SP 800-53 Rev. 4 CA-3 (5) Restrictions On External System Connections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance NIST_SP_800-53_R4 CA-5 NIST_SP_800-53_R4_CA-5 NIST SP 800-53 Rev. 4 CA-5 Plan Of Action And Milestones NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance NIST_SP_800-53_R4 CA-5 NIST_SP_800-53_R4_CA-5 NIST SP 800-53 Rev. 4 CA-5 Plan Of Action And Milestones NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance NIST_SP_800-53_R4 CA-6 NIST_SP_800-53_R4_CA-6 NIST SP 800-53 Rev. 4 CA-6 Security Authorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance NIST_SP_800-53_R4 CA-6 NIST_SP_800-53_R4_CA-6 NIST SP 800-53 Rev. 4 CA-6 Security Authorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance NIST_SP_800-53_R4 CA-6 NIST_SP_800-53_R4_CA-6 NIST SP 800-53 Rev. 4 CA-6 Security Authorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance NIST_SP_800-53_R4 CA-7(1) NIST_SP_800-53_R4_CA-7(1) NIST SP 800-53 Rev. 4 CA-7 (1) Independent Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance NIST_SP_800-53_R4 CA-7(3) NIST_SP_800-53_R4_CA-7(3) NIST SP 800-53 Rev. 4 CA-7 (3) Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance NIST_SP_800-53_R4 CA-8(1) NIST_SP_800-53_R4_CA-8(1) NIST SP 800-53 Rev. 4 CA-8 (1) Independent Penetration Agent Or Team NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance NIST_SP_800-53_R4 CA-9 NIST_SP_800-53_R4_CA-9 NIST SP 800-53 Rev. 4 CA-9 Internal System Connections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CM-1 NIST_SP_800-53_R4_CM-1 NIST SP 800-53 Rev. 4 CM-1 Configuration Management Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance NIST_SP_800-53_R4 CM-10(1) NIST_SP_800-53_R4_CM-10(1) NIST SP 800-53 Rev. 4 CM-10 (1) Open Source Software NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance NIST_SP_800-53_R4 CM-2(3) NIST_SP_800-53_R4_CM-2(3) NIST SP 800-53 Rev. 4 CM-2 (3) Retention Of Previous Configurations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance NIST_SP_800-53_R4 CM-2(7) NIST_SP_800-53_R4_CM-2(7) NIST SP 800-53 Rev. 4 CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance NIST_SP_800-53_R4 CM-2(7) NIST_SP_800-53_R4_CM-2(7) NIST SP 800-53 Rev. 4 CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-3(2) NIST_SP_800-53_R4_CM-3(2) NIST SP 800-53 Rev. 4 CM-3 (2) Test / Validate / Document Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-3(2) NIST_SP_800-53_R4_CM-3(2) NIST SP 800-53 Rev. 4 CM-3 (2) Test / Validate / Document Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-3(2) NIST_SP_800-53_R4_CM-3(2) NIST SP 800-53 Rev. 4 CM-3 (2) Test / Validate / Document Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance NIST_SP_800-53_R4 CM-3(4) NIST_SP_800-53_R4_CM-3(4) NIST SP 800-53 Rev. 4 CM-3 (4) Security Representative NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance NIST_SP_800-53_R4 CM-3(6) NIST_SP_800-53_R4_CM-3(6) NIST SP 800-53 Rev. 4 CM-3 (6) Cryptography Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-5 NIST_SP_800-53_R4_CM-5 NIST SP 800-53 Rev. 4 CM-5 Access Restrictions For Change NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance NIST_SP_800-53_R4 CM-5(1) NIST_SP_800-53_R4_CM-5(1) NIST SP 800-53 Rev. 4 CM-5 (1) Automated Access Enforcement / Auditing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance NIST_SP_800-53_R4 CM-5(2) NIST_SP_800-53_R4_CM-5(2) NIST SP 800-53 Rev. 4 CM-5 (2) Review System Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance NIST_SP_800-53_R4 CM-5(3) NIST_SP_800-53_R4_CM-5(3) NIST SP 800-53 Rev. 4 CM-5 (3) Signed Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance NIST_SP_800-53_R4 CM-5(5) NIST_SP_800-53_R4_CM-5(5) NIST SP 800-53 Rev. 4 CM-5 (5) Limit Production / Operational Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance NIST_SP_800-53_R4 CM-5(5) NIST_SP_800-53_R4_CM-5(5) NIST SP 800-53 Rev. 4 CM-5 (5) Limit Production / Operational Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Automated Central Management / Application / Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Automated Central Management / Application / Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Automated Central Management / Application / Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 CM-7 NIST_SP_800-53_R4_CM-7 NIST SP 800-53 Rev. 4 CM-7 Least Functionality NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8 NIST_SP_800-53_R4_CM-8 NIST SP 800-53 Rev. 4 CM-8 Information System Component Inventory NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R4 CM-8 NIST_SP_800-53_R4_CM-8 NIST SP 800-53 Rev. 4 CM-8 Information System Component Inventory NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R4 CM-8(1) NIST_SP_800-53_R4_CM-8(1) NIST SP 800-53 Rev. 4 CM-8 (1) Updates During Installations / Removals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8(1) NIST_SP_800-53_R4_CM-8(1) NIST SP 800-53 Rev. 4 CM-8 (1) Updates During Installations / Removals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R4 CM-8(3) NIST_SP_800-53_R4_CM-8(3) NIST SP 800-53 Rev. 4 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance NIST_SP_800-53_R4 CM-8(3) NIST_SP_800-53_R4_CM-8(3) NIST SP 800-53 Rev. 4 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8(4) NIST_SP_800-53_R4_CM-8(4) NIST SP 800-53 Rev. 4 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8(4) NIST_SP_800-53_R4_CM-8(4) NIST SP 800-53 Rev. 4 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-1 NIST_SP_800-53_R4_CP-1 NIST SP 800-53 Rev. 4 CP-1 Contingency Planning Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance NIST_SP_800-53_R4 CP-10 NIST_SP_800-53_R4_CP-10 NIST SP 800-53 Rev. 4 CP-10 Information System Recovery And Reconstitution NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance NIST_SP_800-53_R4 CP-10(2) NIST_SP_800-53_R4_CP-10(2) NIST SP 800-53 Rev. 4 CP-10 (2) Transaction Recovery NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance NIST_SP_800-53_R4 CP-10(4) NIST_SP_800-53_R4_CP-10(4) NIST SP 800-53 Rev. 4 CP-10 (4) Restore Within Time Period NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 CP-2(1) NIST_SP_800-53_R4_CP-2(1) NIST SP 800-53 Rev. 4 CP-2 (1) Coordinate With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance NIST_SP_800-53_R4 CP-2(2) NIST_SP_800-53_R4_CP-2(2) NIST SP 800-53 Rev. 4 CP-2 (2) Capacity Planning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance NIST_SP_800-53_R4 CP-2(3) NIST_SP_800-53_R4_CP-2(3) NIST SP 800-53 Rev. 4 CP-2 (3) Resume Essential Missions / Business Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance NIST_SP_800-53_R4 CP-2(4) NIST_SP_800-53_R4_CP-2(4) NIST SP 800-53 Rev. 4 CP-2 (4) Resume All Missions / Business Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance NIST_SP_800-53_R4 CP-2(5) NIST_SP_800-53_R4_CP-2(5) NIST SP 800-53 Rev. 4 CP-2 (5) Continue Essential Missions / Business Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance NIST_SP_800-53_R4 CP-2(8) NIST_SP_800-53_R4_CP-2(8) NIST SP 800-53 Rev. 4 CP-2 (8) Identify Critical Assets NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance NIST_SP_800-53_R4 CP-3 NIST_SP_800-53_R4_CP-3 NIST SP 800-53 Rev. 4 CP-3 Contingency Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance NIST_SP_800-53_R4 CP-3(1) NIST_SP_800-53_R4_CP-3(1) NIST SP 800-53 Rev. 4 CP-3 (1) Simulated Events NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R4 CP-4 NIST_SP_800-53_R4_CP-4 NIST SP 800-53 Rev. 4 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance NIST_SP_800-53_R4 CP-4 NIST_SP_800-53_R4_CP-4 NIST SP 800-53 Rev. 4 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance NIST_SP_800-53_R4 CP-4 NIST_SP_800-53_R4_CP-4 NIST SP 800-53 Rev. 4 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 CP-4(1) NIST_SP_800-53_R4_CP-4(1) NIST SP 800-53 Rev. 4 CP-4 (1) Coordinate With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities Regulatory Compliance NIST_SP_800-53_R4 CP-4(2) NIST_SP_800-53_R4_CP-4(2) NIST SP 800-53 Rev. 4 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance NIST_SP_800-53_R4 CP-4(2) NIST_SP_800-53_R4_CP-4(2) NIST SP 800-53 Rev. 4 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance NIST_SP_800-53_R4 CP-6(2) NIST_SP_800-53_R4_CP-6(2) NIST SP 800-53 Rev. 4 CP-6 (2) Recovery Time / Point Objectives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance NIST_SP_800-53_R4 CP-6(3) NIST_SP_800-53_R4_CP-6(3) NIST SP 800-53 Rev. 4 CP-6 (3) Accessibility NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7 NIST_SP_800-53_R4_CP-7 NIST SP 800-53 Rev. 4 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-53_R4 CP-7 NIST_SP_800-53_R4_CP-7 NIST SP 800-53 Rev. 4 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7(1) NIST_SP_800-53_R4_CP-7(1) NIST SP 800-53 Rev. 4 CP-7 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7(2) NIST_SP_800-53_R4_CP-7(2) NIST SP 800-53 Rev. 4 CP-7 (2) Accessibility NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7(3) NIST_SP_800-53_R4_CP-7(3) NIST SP 800-53 Rev. 4 CP-7 (3) Priority Of Service NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R4 CP-7(3) NIST_SP_800-53_R4_CP-7(3) NIST SP 800-53 Rev. 4 CP-7 (3) Priority Of Service NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance NIST_SP_800-53_R4 CP-7(4) NIST_SP_800-53_R4_CP-7(4) NIST SP 800-53 Rev. 4 CP-7 (4) Preparation For Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R4 CP-8(1) NIST_SP_800-53_R4_CP-8(1) NIST SP 800-53 Rev. 4 CP-8 (1) Priority Of Service Provisions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance NIST_SP_800-53_R4 CP-9(3) NIST_SP_800-53_R4_CP-9(3) NIST SP 800-53 Rev. 4 CP-9 (3) Separate Storage For Critical Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance NIST_SP_800-53_R4 CP-9(5) NIST_SP_800-53_R4_CP-9(5) NIST SP 800-53 Rev. 4 CP-9 (5) Transfer To Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance NIST_SP_800-53_R4 IA-1 NIST_SP_800-53_R4_IA-1 NIST SP 800-53 Rev. 4 IA-1 Identification And Authentication Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(1) NIST_SP_800-53_R4_IA-2(1) NIST SP 800-53 Rev. 4 IA-2 (1) Network Access To Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-53_R4 IA-2(11) NIST_SP_800-53_R4_IA-2(11) NIST SP 800-53 Rev. 4 IA-2 (11) Remote Access - Separate Device NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(11) NIST_SP_800-53_R4_IA-2(11) NIST SP 800-53 Rev. 4 IA-2 (11) Remote Access - Separate Device NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R4 IA-2(12) NIST_SP_800-53_R4_IA-2(12) NIST SP 800-53 Rev. 4 IA-2 (12) Acceptance Of Piv Credentials NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(2) NIST_SP_800-53_R4_IA-2(2) NIST SP 800-53 Rev. 4 IA-2 (2) Network Access To Non-Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(3) NIST_SP_800-53_R4_IA-2(3) NIST SP 800-53 Rev. 4 IA-2 (3) Local Access To Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-2(5) NIST_SP_800-53_R4_IA-2(5) NIST SP 800-53 Rev. 4 IA-2 (5) Group Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance NIST_SP_800-53_R4 IA-4(4) NIST_SP_800-53_R4_IA-4(4) NIST SP 800-53 Rev. 4 IA-4 (4) Identify User Status NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance NIST_SP_800-53_R4 IA-5(11) NIST_SP_800-53_R4_IA-5(11) NIST SP 800-53 Rev. 4 IA-5 (11) Hardware Token-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(13) NIST_SP_800-53_R4_IA-5(13) NIST SP 800-53 Rev. 4 IA-5 (13) Expiration Of Cached Authenticators NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(3) NIST_SP_800-53_R4_IA-5(3) NIST SP 800-53 Rev. 4 IA-5 (3) In-Person Or Trusted Third-Party Registration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-53_R4 IA-5(4) NIST_SP_800-53_R4_IA-5(4) NIST SP 800-53 Rev. 4 IA-5 (4) Automated Support For Password Strength Determination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-53_R4 IA-5(4) NIST_SP_800-53_R4_IA-5(4) NIST SP 800-53 Rev. 4 IA-5 (4) Automated Support For Password Strength Determination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 IA-5(4) NIST_SP_800-53_R4_IA-5(4) NIST SP 800-53 Rev. 4 IA-5 (4) Automated Support For Password Strength Determination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(6) NIST_SP_800-53_R4_IA-5(6) NIST SP 800-53 Rev. 4 IA-5 (6) Protection Of Authenticators NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(7) NIST_SP_800-53_R4_IA-5(7) NIST SP 800-53 Rev. 4 IA-5 (7) No Embedded Unencrypted Static Authenticators NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance NIST_SP_800-53_R4 IA-6 NIST_SP_800-53_R4_IA-6 NIST SP 800-53 Rev. 4 IA-6 Authenticator Feedback NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance NIST_SP_800-53_R4 IA-7 NIST_SP_800-53_R4_IA-7 NIST SP 800-53 Rev. 4 IA-7 Cryptographic Module Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance NIST_SP_800-53_R4 IA-8 NIST_SP_800-53_R4_IA-8 NIST SP 800-53 Rev. 4 IA-8 Identification And Authentication (Non- Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance NIST_SP_800-53_R4 IA-8(1) NIST_SP_800-53_R4_IA-8(1) NIST SP 800-53 Rev. 4 IA-8 (1) Acceptance Of Piv Credentials From Other Agencies NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance NIST_SP_800-53_R4 IA-8(2) NIST_SP_800-53_R4_IA-8(2) NIST SP 800-53 Rev. 4 IA-8 (2) Acceptance Of Third-Party Credentials NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance NIST_SP_800-53_R4 IA-8(3) NIST_SP_800-53_R4_IA-8(3) NIST SP 800-53 Rev. 4 IA-8 (3) Use Of Ficam-Approved Products NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance NIST_SP_800-53_R4 IA-8(4) NIST_SP_800-53_R4_IA-8(4) NIST SP 800-53 Rev. 4 IA-8 (4) Use Of Ficam-Issued Profiles NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance NIST_SP_800-53_R4 IR-1 NIST_SP_800-53_R4_IR-1 NIST SP 800-53 Rev. 4 IR-1 Incident Response Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R4 IR-2 NIST_SP_800-53_R4_IR-2 NIST SP 800-53 Rev. 4 IR-2 Incident Response Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance NIST_SP_800-53_R4 IR-2(1) NIST_SP_800-53_R4_IR-2(1) NIST SP 800-53 Rev. 4 IR-2 (1) Simulated Events NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance NIST_SP_800-53_R4 IR-2(2) NIST_SP_800-53_R4_IR-2(2) NIST SP 800-53 Rev. 4 IR-2 (2) Automated Training Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R4 IR-3 NIST_SP_800-53_R4_IR-3 NIST SP 800-53 Rev. 4 IR-3 Incident Response Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R4 IR-3 NIST_SP_800-53_R4_IR-3 NIST SP 800-53 Rev. 4 IR-3 Incident Response Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R4 IR-3 NIST_SP_800-53_R4_IR-3 NIST SP 800-53 Rev. 4 IR-3 Incident Response Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R4 IR-3(2) NIST_SP_800-53_R4_IR-3(2) NIST SP 800-53 Rev. 4 IR-3 (2) Coordination With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R4 IR-3(2) NIST_SP_800-53_R4_IR-3(2) NIST SP 800-53 Rev. 4 IR-3 (2) Coordination With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R4 IR-3(2) NIST_SP_800-53_R4_IR-3(2) NIST SP 800-53 Rev. 4 IR-3 (2) Coordination With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-4(1) NIST_SP_800-53_R4_IR-4(1) NIST SP 800-53 Rev. 4 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R4 IR-4(1) NIST_SP_800-53_R4_IR-4(1) NIST SP 800-53 Rev. 4 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-4(1) NIST_SP_800-53_R4_IR-4(1) NIST SP 800-53 Rev. 4 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance NIST_SP_800-53_R4 IR-4(2) NIST_SP_800-53_R4_IR-4(2) NIST SP 800-53 Rev. 4 IR-4 (2) Dynamic Reconfiguration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance NIST_SP_800-53_R4 IR-4(3) NIST_SP_800-53_R4_IR-4(3) NIST SP 800-53 Rev. 4 IR-4 (3) Continuity Of Operations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-4(4) NIST_SP_800-53_R4_IR-4(4) NIST SP 800-53 Rev. 4 IR-4 (4) Information Correlation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance NIST_SP_800-53_R4 IR-4(6) NIST_SP_800-53_R4_IR-4(6) NIST SP 800-53 Rev. 4 IR-4 (6) Insider Threats - Specific Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance NIST_SP_800-53_R4 IR-4(8) NIST_SP_800-53_R4_IR-4(8) NIST SP 800-53 Rev. 4 IR-4 (8) Correlation With External Organizations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R4 IR-6(1) NIST_SP_800-53_R4_IR-6(1) NIST SP 800-53 Rev. 4 IR-6 (1) Automated Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 IR-6(2) NIST_SP_800-53_R4_IR-6(2) NIST SP 800-53 Rev. 4 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-6(2) NIST_SP_800-53_R4_IR-6(2) NIST SP 800-53 Rev. 4 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-6(2) NIST_SP_800-53_R4_IR-6(2) NIST SP 800-53 Rev. 4 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R4 IR-7 NIST_SP_800-53_R4_IR-7 NIST SP 800-53 Rev. 4 IR-7 Incident Response Assistance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance NIST_SP_800-53_R4 IR-7(2) NIST_SP_800-53_R4_IR-7(2) NIST SP 800-53 Rev. 4 IR-7 (2) Coordination With External Providers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance NIST_SP_800-53_R4 IR-7(2) NIST_SP_800-53_R4_IR-7(2) NIST SP 800-53 Rev. 4 IR-7 (2) Coordination With External Providers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance NIST_SP_800-53_R4 IR-9(1) NIST_SP_800-53_R4_IR-9(1) NIST SP 800-53 Rev. 4 IR-9 (1) Responsible Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R4 IR-9(2) NIST_SP_800-53_R4_IR-9(2) NIST SP 800-53 Rev. 4 IR-9 (2) Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance NIST_SP_800-53_R4 IR-9(3) NIST_SP_800-53_R4_IR-9(3) NIST SP 800-53 Rev. 4 IR-9 (3) Post-Spill Operations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R4 IR-9(4) NIST_SP_800-53_R4_IR-9(4) NIST SP 800-53 Rev. 4 IR-9 (4) Exposure To Unauthorized Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance NIST_SP_800-53_R4 MA-1 NIST_SP_800-53_R4_MA-1 NIST SP 800-53 Rev. 4 MA-1 System Maintenance Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance NIST_SP_800-53_R4 MA-2(2) NIST_SP_800-53_R4_MA-2(2) NIST SP 800-53 Rev. 4 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance NIST_SP_800-53_R4 MA-2(2) NIST_SP_800-53_R4_MA-2(2) NIST SP 800-53 Rev. 4 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3 NIST_SP_800-53_R4_MA-3 NIST SP 800-53 Rev. 4 MA-3 Maintenance Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3 NIST_SP_800-53_R4_MA-3 NIST SP 800-53 Rev. 4 MA-3 Maintenance Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(1) NIST_SP_800-53_R4_MA-3(1) NIST SP 800-53 Rev. 4 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(1) NIST_SP_800-53_R4_MA-3(1) NIST SP 800-53 Rev. 4 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(2) NIST_SP_800-53_R4_MA-3(2) NIST SP 800-53 Rev. 4 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(2) NIST_SP_800-53_R4_MA-3(2) NIST SP 800-53 Rev. 4 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-4 NIST_SP_800-53_R4_MA-4 NIST SP 800-53 Rev. 4 MA-4 Nonlocal Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-4(2) NIST_SP_800-53_R4_MA-4(2) NIST SP 800-53 Rev. 4 MA-4 (2) Document Nonlocal Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance NIST_SP_800-53_R4 MA-4(3) NIST_SP_800-53_R4_MA-4(3) NIST SP 800-53 Rev. 4 MA-4 (3) Comparable Security / Sanitization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance NIST_SP_800-53_R4 MA-4(6) NIST_SP_800-53_R4_MA-4(6) NIST SP 800-53 Rev. 4 MA-4 (6) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance NIST_SP_800-53_R4 MA-5 NIST_SP_800-53_R4_MA-5 NIST SP 800-53 Rev. 4 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance NIST_SP_800-53_R4 MA-5 NIST_SP_800-53_R4_MA-5 NIST SP 800-53 Rev. 4 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance NIST_SP_800-53_R4 MA-5 NIST_SP_800-53_R4_MA-5 NIST SP 800-53 Rev. 4 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MA-5(1) NIST_SP_800-53_R4_MA-5(1) NIST SP 800-53 Rev. 4 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MA-5(1) NIST_SP_800-53_R4_MA-5(1) NIST SP 800-53 Rev. 4 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance NIST_SP_800-53_R4 MA-6 NIST_SP_800-53_R4_MA-6 NIST SP 800-53 Rev. 4 MA-6 Timely Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance NIST_SP_800-53_R4 MP-1 NIST_SP_800-53_R4_MP-1 NIST SP 800-53 Rev. 4 MP-1 Media Protection Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-2 NIST_SP_800-53_R4_MP-2 NIST SP 800-53 Rev. 4 MP-2 Media Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-3 NIST_SP_800-53_R4_MP-3 NIST SP 800-53 Rev. 4 MP-3 Media Marking NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-4 NIST_SP_800-53_R4_MP-4 NIST SP 800-53 Rev. 4 MP-4 Media Storage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-4 NIST_SP_800-53_R4_MP-4 NIST SP 800-53 Rev. 4 MP-4 Media Storage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-5 NIST_SP_800-53_R4_MP-5 NIST SP 800-53 Rev. 4 MP-5 Media Transport NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R4 MP-5 NIST_SP_800-53_R4_MP-5 NIST SP 800-53 Rev. 4 MP-5 Media Transport NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-5(4) NIST_SP_800-53_R4_MP-5(4) NIST SP 800-53 Rev. 4 MP-5 (4) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R4 MP-5(4) NIST_SP_800-53_R4_MP-5(4) NIST SP 800-53 Rev. 4 MP-5 (4) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-6 NIST_SP_800-53_R4_MP-6 NIST SP 800-53 Rev. 4 MP-6 Media Sanitization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-6 NIST_SP_800-53_R4_MP-6 NIST SP 800-53 Rev. 4 MP-6 Media Sanitization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-6(1) NIST_SP_800-53_R4_MP-6(1) NIST SP 800-53 Rev. 4 MP-6 (1) Review / Approve / Track / Document / Verify NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-6(1) NIST_SP_800-53_R4_MP-6(1) NIST SP 800-53 Rev. 4 MP-6 (1) Review / Approve / Track / Document / Verify NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-6(2) NIST_SP_800-53_R4_MP-6(2) NIST SP 800-53 Rev. 4 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-6(2) NIST_SP_800-53_R4_MP-6(2) NIST SP 800-53 Rev. 4 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PE-1 NIST_SP_800-53_R4_PE-1 NIST SP 800-53 Rev. 4 PE-1 Physical And Environmental Protection Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance NIST_SP_800-53_R4 PE-12 NIST_SP_800-53_R4_PE-12 NIST SP 800-53 Rev. 4 PE-12 Emergency Lighting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13 NIST_SP_800-53_R4_PE-13 NIST SP 800-53 Rev. 4 PE-13 Fire Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance NIST_SP_800-53_R4 PE-13(1) NIST_SP_800-53_R4_PE-13(1) NIST SP 800-53 Rev. 4 PE-13 (1) Detection Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13(1) NIST_SP_800-53_R4_PE-13(1) NIST SP 800-53 Rev. 4 PE-13 (1) Detection Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R4 PE-13(1) NIST_SP_800-53_R4_PE-13(1) NIST SP 800-53 Rev. 4 PE-13 (1) Detection Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13(2) NIST_SP_800-53_R4_PE-13(2) NIST SP 800-53 Rev. 4 PE-13 (2) Suppression Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13(3) NIST_SP_800-53_R4_PE-13(3) NIST SP 800-53 Rev. 4 PE-13 (3) Automatic Fire Suppression NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-14 NIST_SP_800-53_R4_PE-14 NIST SP 800-53 Rev. 4 PE-14 Temperature And Humidity Controls NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-14(2) NIST_SP_800-53_R4_PE-14(2) NIST SP 800-53 Rev. 4 PE-14 (2) Monitoring With Alarms / Notifications NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R4 PE-14(2) NIST_SP_800-53_R4_PE-14(2) NIST SP 800-53 Rev. 4 PE-14 (2) Monitoring With Alarms / Notifications NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-15 NIST_SP_800-53_R4_PE-15 NIST SP 800-53 Rev. 4 PE-15 Water Damage Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance NIST_SP_800-53_R4 PE-16 NIST_SP_800-53_R4_PE-16 NIST SP 800-53 Rev. 4 PE-16 Delivery And Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R4 PE-16 NIST_SP_800-53_R4_PE-16 NIST SP 800-53 Rev. 4 PE-16 Delivery And Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R4 PE-17 NIST_SP_800-53_R4_PE-17 NIST SP 800-53 Rev. 4 PE-17 Alternate Work Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-18 NIST_SP_800-53_R4_PE-18 NIST SP 800-53 Rev. 4 PE-18 Location Of Information System Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-2 NIST_SP_800-53_R4_PE-2 NIST SP 800-53 Rev. 4 PE-2 Physical Access Authorizations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-4 NIST_SP_800-53_R4_PE-4 NIST SP 800-53 Rev. 4 PE-4 Access Control For Transmission Medium NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-4 NIST_SP_800-53_R4_PE-4 NIST SP 800-53 Rev. 4 PE-4 Access Control For Transmission Medium NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-5 NIST_SP_800-53_R4_PE-5 NIST SP 800-53 Rev. 4 PE-5 Access Control For Output Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-5 NIST_SP_800-53_R4_PE-5 NIST SP 800-53 Rev. 4 PE-5 Access Control For Output Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R4 PE-5 NIST_SP_800-53_R4_PE-5 NIST SP 800-53 Rev. 4 PE-5 Access Control For Output Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R4 PE-6(1) NIST_SP_800-53_R4_PE-6(1) NIST SP 800-53 Rev. 4 PE-6 (1) Intrusion Alarms / Surveillance Equipment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance NIST_SP_800-53_R4 PE-6(1) NIST_SP_800-53_R4_PE-6(1) NIST SP 800-53 Rev. 4 PE-6 (1) Intrusion Alarms / Surveillance Equipment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-8 NIST_SP_800-53_R4_PE-8 NIST SP 800-53 Rev. 4 PE-8 Visitor Access Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-8 NIST_SP_800-53_R4_PE-8 NIST SP 800-53 Rev. 4 PE-8 Visitor Access Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-1 NIST_SP_800-53_R4_PL-1 NIST SP 800-53 Rev. 4 PL-1 Security Planning Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-53_R4 PL-2(3) NIST_SP_800-53_R4_PL-2(3) NIST SP 800-53 Rev. 4 PL-2 (3) Plan / Coordinate With Other Organizational Entities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-53_R4 PL-2(3) NIST_SP_800-53_R4_PL-2(3) NIST SP 800-53 Rev. 4 PL-2 (3) Plan / Coordinate With Other Organizational Entities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-53_R4 PL-2(3) NIST_SP_800-53_R4_PL-2(3) NIST SP 800-53 Rev. 4 PL-2 (3) Plan / Coordinate With Other Organizational Entities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-4(1) NIST_SP_800-53_R4_PL-4(1) NIST SP 800-53 Rev. 4 PL-4 (1) Social Media And Networking Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance NIST_SP_800-53_R4 PL-8 NIST_SP_800-53_R4_PL-8 NIST SP 800-53 Rev. 4 PL-8 Information Security Architecture NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance NIST_SP_800-53_R4 PL-8 NIST_SP_800-53_R4_PL-8 NIST SP 800-53 Rev. 4 PL-8 Information Security Architecture NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PS-1 NIST_SP_800-53_R4_PS-1 NIST SP 800-53 Rev. 4 PS-1 Personnel Security Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance NIST_SP_800-53_R4 PS-2 NIST_SP_800-53_R4_PS-2 NIST SP 800-53 Rev. 4 PS-2 Position Risk Designation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance NIST_SP_800-53_R4 PS-3 NIST_SP_800-53_R4_PS-3 NIST SP 800-53 Rev. 4 PS-3 Personnel Screening NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance NIST_SP_800-53_R4 PS-3 NIST_SP_800-53_R4_PS-3 NIST SP 800-53 Rev. 4 PS-3 Personnel Screening NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance NIST_SP_800-53_R4 PS-3 NIST_SP_800-53_R4_PS-3 NIST SP 800-53 Rev. 4 PS-3 Personnel Screening NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R4 PS-3(3) NIST_SP_800-53_R4_PS-3(3) NIST SP 800-53 Rev. 4 PS-3 (3) Information With Special Protection Measures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination Regulatory Compliance NIST_SP_800-53_R4 PS-4(2) NIST_SP_800-53_R4_PS-4(2) NIST SP 800-53 Rev. 4 PS-4 (2) Automated Notification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance NIST_SP_800-53_R4 PS-8 NIST_SP_800-53_R4_PS-8 NIST SP 800-53 Rev. 4 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance NIST_SP_800-53_R4 PS-8 NIST_SP_800-53_R4_PS-8 NIST SP 800-53 Rev. 4 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance NIST_SP_800-53_R4 RA-1 NIST_SP_800-53_R4_RA-1 NIST SP 800-53 Rev. 4 RA-1 Risk Assessment Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(1) NIST_SP_800-53_R4_RA-5(1) NIST SP 800-53 Rev. 4 RA-5 (1) Update Tool Capability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(1) NIST_SP_800-53_R4_RA-5(1) NIST SP 800-53 Rev. 4 RA-5 (1) Update Tool Capability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance NIST_SP_800-53_R4 RA-5(10) NIST_SP_800-53_R4_RA-5(10) NIST SP 800-53 Rev. 4 RA-5 (10) Correlate Scanning Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(2) NIST_SP_800-53_R4_RA-5(2) NIST SP 800-53 Rev. 4 RA-5 (2) Update By Frequency / Prior To New Scan / When Identified NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(2) NIST_SP_800-53_R4_RA-5(2) NIST SP 800-53 Rev. 4 RA-5 (2) Update By Frequency / Prior To New Scan / When Identified NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(3) NIST_SP_800-53_R4_RA-5(3) NIST SP 800-53 Rev. 4 RA-5 (3) Breadth / Depth Of Coverage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(3) NIST_SP_800-53_R4_RA-5(3) NIST SP 800-53 Rev. 4 RA-5 (3) Breadth / Depth Of Coverage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information Regulatory Compliance NIST_SP_800-53_R4 RA-5(4) NIST_SP_800-53_R4_RA-5(4) NIST SP 800-53 Rev. 4 RA-5 (4) Discoverable Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance NIST_SP_800-53_R4 RA-5(5) NIST_SP_800-53_R4_RA-5(5) NIST SP 800-53 Rev. 4 RA-5 (5) Privileged Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance NIST_SP_800-53_R4 SA-1 NIST_SP_800-53_R4_SA-1 NIST SP 800-53 Rev. 4 SA-1 System And Services Acquisition Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SA-10(1) NIST_SP_800-53_R4_SA-10(1) NIST SP 800-53 Rev. 4 SA-10 (1) Software / Firmware Integrity Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance NIST_SP_800-53_R4 SA-11 NIST_SP_800-53_R4_SA-11 NIST SP 800-53 Rev. 4 SA-11 Developer Security Testing And Evaluation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SA-11 NIST_SP_800-53_R4_SA-11 NIST SP 800-53 Rev. 4 SA-11 Developer Security Testing And Evaluation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SA-11 NIST_SP_800-53_R4_SA-11 NIST SP 800-53 Rev. 4 SA-11 Developer Security Testing And Evaluation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance NIST_SP_800-53_R4 SA-15 NIST_SP_800-53_R4_SA-15 NIST SP 800-53 Rev. 4 SA-15 Development Process, Standards, And Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance NIST_SP_800-53_R4 SA-16 NIST_SP_800-53_R4_SA-16 NIST SP 800-53 Rev. 4 SA-16 Developer-Provided Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance NIST_SP_800-53_R4 SA-17 NIST_SP_800-53_R4_SA-17 NIST SP 800-53 Rev. 4 SA-17 Developer Security Architecture And Design NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance NIST_SP_800-53_R4 SA-17 NIST_SP_800-53_R4_SA-17 NIST SP 800-53 Rev. 4 SA-17 Developer Security Architecture And Design NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance NIST_SP_800-53_R4 SA-17 NIST_SP_800-53_R4_SA-17 NIST SP 800-53 Rev. 4 SA-17 Developer Security Architecture And Design NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R4 SA-3 NIST_SP_800-53_R4_SA-3 NIST SP 800-53 Rev. 4 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R4 SA-3 NIST_SP_800-53_R4_SA-3 NIST SP 800-53 Rev. 4 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance NIST_SP_800-53_R4 SA-3 NIST_SP_800-53_R4_SA-3 NIST SP 800-53 Rev. 4 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance NIST_SP_800-53_R4 SA-4(1) NIST_SP_800-53_R4_SA-4(1) NIST SP 800-53 Rev. 4 SA-4 (1) Functional Properties Of Security Controls NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance NIST_SP_800-53_R4 SA-4(10) NIST_SP_800-53_R4_SA-4(10) NIST SP 800-53 Rev. 4 SA-4 (10) Use Of Approved Piv Products NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance NIST_SP_800-53_R4 SA-4(2) NIST_SP_800-53_R4_SA-4(2) NIST SP 800-53 Rev. 4 SA-4 (2) Design / Implementation Information For Security Controls NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance NIST_SP_800-53_R4 SA-4(8) NIST_SP_800-53_R4_SA-4(8) NIST SP 800-53 Rev. 4 SA-4 (8) Continuous Monitoring Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance NIST_SP_800-53_R4 SA-4(9) NIST_SP_800-53_R4_SA-4(9) NIST SP 800-53 Rev. 4 SA-4 (9) Functions / Ports / Protocols / Services In Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R4 SA-9(1) NIST_SP_800-53_R4_SA-9(1) NIST SP 800-53 Rev. 4 SA-9 (1) Risk Assessments / Organizational Approvals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance NIST_SP_800-53_R4 SA-9(1) NIST_SP_800-53_R4_SA-9(1) NIST SP 800-53 Rev. 4 SA-9 (1) Risk Assessments / Organizational Approvals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance NIST_SP_800-53_R4 SA-9(2) NIST_SP_800-53_R4_SA-9(2) NIST SP 800-53 Rev. 4 SA-9 (2) Identification Of Functions / Ports / Protocols / Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance NIST_SP_800-53_R4 SA-9(4) NIST_SP_800-53_R4_SA-9(4) NIST SP 800-53 Rev. 4 SA-9 (4) Consistent Interests Of Consumers And Providers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance NIST_SP_800-53_R4 SA-9(5) NIST_SP_800-53_R4_SA-9(5) NIST SP 800-53 Rev. 4 SA-9 (5) Processing, Storage, And Service Location NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance NIST_SP_800-53_R4 SC-1 NIST_SP_800-53_R4_SC-1 NIST SP 800-53 Rev. 4 SC-1 System And Communications Protection Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance NIST_SP_800-53_R4 SC-10 NIST_SP_800-53_R4_SC-10 NIST SP 800-53 Rev. 4 SC-10 Network Disconnect NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance NIST_SP_800-53_R4 SC-12(1) NIST_SP_800-53_R4_SC-12(1) NIST SP 800-53 Rev. 4 SC-12 (1) Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R4 SC-12(2) NIST_SP_800-53_R4_SC-12(2) NIST SP 800-53 Rev. 4 SC-12 (2) Symmetric Keys NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R4 SC-12(3) NIST_SP_800-53_R4_SC-12(3) NIST SP 800-53 Rev. 4 SC-12 (3) Asymmetric Keys NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R4 SC-13 NIST_SP_800-53_R4_SC-13 NIST SP 800-53 Rev. 4 SC-13 Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R4 SC-15 NIST_SP_800-53_R4_SC-15 NIST SP 800-53 Rev. 4 SC-15 Collaborative Computing Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R4 SC-15 NIST_SP_800-53_R4_SC-15 NIST SP 800-53 Rev. 4 SC-15 Collaborative Computing Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R4 SC-17 NIST_SP_800-53_R4_SC-17 NIST SP 800-53 Rev. 4 SC-17 Public Key Infrastructure Certificates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance NIST_SP_800-53_R4 SC-18 NIST_SP_800-53_R4_SC-18 NIST SP 800-53 Rev. 4 SC-18 Mobile Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance NIST_SP_800-53_R4 SC-18 NIST_SP_800-53_R4_SC-18 NIST SP 800-53 Rev. 4 SC-18 Mobile Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-53_R4 SC-18 NIST_SP_800-53_R4_SC-18 NIST SP 800-53 Rev. 4 SC-18 Mobile Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-53_R4 SC-19 NIST_SP_800-53_R4_SC-19 NIST SP 800-53 Rev. 4 SC-19 Voice Over Internet Protocol NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance NIST_SP_800-53_R4 SC-19 NIST_SP_800-53_R4_SC-19 NIST SP 800-53 Rev. 4 SC-19 Voice Over Internet Protocol NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance NIST_SP_800-53_R4 SC-2 NIST_SP_800-53_R4_SC-2 NIST SP 800-53 Rev. 4 SC-2 Application Partitioning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R4 SC-2 NIST_SP_800-53_R4_SC-2 NIST SP 800-53 Rev. 4 SC-2 Application Partitioning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance NIST_SP_800-53_R4 SC-2 NIST_SP_800-53_R4_SC-2 NIST SP 800-53 Rev. 4 SC-2 Application Partitioning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance NIST_SP_800-53_R4 SC-20 NIST_SP_800-53_R4_SC-20 NIST SP 800-53 Rev. 4 SC-20 Secure Name /Address Resolution Service (Authoritative Source) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R4 SC-20 NIST_SP_800-53_R4_SC-20 NIST SP 800-53 Rev. 4 SC-20 Secure Name /Address Resolution Service (Authoritative Source) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R4 SC-21 NIST_SP_800-53_R4_SC-21 NIST SP 800-53 Rev. 4 SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SC-21 NIST_SP_800-53_R4_SC-21 NIST SP 800-53 Rev. 4 SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R4 SC-22 NIST_SP_800-53_R4_SC-22 NIST SP 800-53 Rev. 4 SC-22 Architecture And Provisioning For Name/Address Resolution Service NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R4 SC-23 NIST_SP_800-53_R4_SC-23 NIST SP 800-53 Rev. 4 SC-23 Session Authenticity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance NIST_SP_800-53_R4 SC-23 NIST_SP_800-53_R4_SC-23 NIST SP 800-53 Rev. 4 SC-23 Session Authenticity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout Regulatory Compliance NIST_SP_800-53_R4 SC-23(1) NIST_SP_800-53_R4_SC-23(1) NIST SP 800-53 Rev. 4 SC-23 (1) Invalidate Session Identifiers At Logout NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance NIST_SP_800-53_R4 SC-24 NIST_SP_800-53_R4_SC-24 NIST SP 800-53 Rev. 4 SC-24 Fail In Known State NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SC-3 NIST_SP_800-53_R4_SC-3 NIST SP 800-53 Rev. 4 SC-3 Security Function Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SC-3 NIST_SP_800-53_R4_SC-3 NIST SP 800-53 Rev. 4 SC-3 Security Function Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance NIST_SP_800-53_R4 SC-39 NIST_SP_800-53_R4_SC-39 NIST SP 800-53 Rev. 4 SC-39 Process Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R4 SC-6 NIST_SP_800-53_R4_SC-6 NIST SP 800-53 Rev. 4 SC-6 Resource Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance NIST_SP_800-53_R4 SC-6 NIST_SP_800-53_R4_SC-6 NIST SP 800-53 Rev. 4 SC-6 Resource Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R4 SC-6 NIST_SP_800-53_R4_SC-6 NIST SP 800-53 Rev. 4 SC-6 Resource Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7(12) NIST_SP_800-53_R4_SC-7(12) NIST SP 800-53 Rev. 4 SC-7 (12) Host-Based Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance NIST_SP_800-53_R4 SC-7(13) NIST_SP_800-53_R4_SC-7(13) NIST SP 800-53 Rev. 4 SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance NIST_SP_800-53_R4 SC-7(18) NIST_SP_800-53_R4_SC-7(18) NIST SP 800-53 Rev. 4 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7(18) NIST_SP_800-53_R4_SC-7(18) NIST SP 800-53 Rev. 4 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance NIST_SP_800-53_R4 SC-7(20) NIST_SP_800-53_R4_SC-7(20) NIST SP 800-53 Rev. 4 SC-7 (20) Dynamic Isolation / Segregation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance NIST_SP_800-53_R4 SC-7(21) NIST_SP_800-53_R4_SC-7(21) NIST SP 800-53 Rev. 4 SC-7 (21) Isolation Of Information System Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7(4) NIST_SP_800-53_R4_SC-7(4) NIST SP 800-53 Rev. 4 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance NIST_SP_800-53_R4 SC-7(4) NIST_SP_800-53_R4_SC-7(4) NIST SP 800-53 Rev. 4 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance NIST_SP_800-53_R4 SC-7(4) NIST_SP_800-53_R4_SC-7(4) NIST SP 800-53 Rev. 4 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance NIST_SP_800-53_R4 SC-7(7) NIST_SP_800-53_R4_SC-7(7) NIST SP 800-53 Rev. 4 SC-7 (7) Prevent Split Tunneling For Remote Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance NIST_SP_800-53_R4 SC-7(8) NIST_SP_800-53_R4_SC-7(8) NIST SP 800-53 Rev. 4 SC-7 (8) Route Traffic To Authenticated Proxy Servers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance NIST_SP_800-53_R4 SI-1 NIST_SP_800-53_R4_SI-1 NIST SP 800-53 Rev. 4 SI-1 System And Information Integrity Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance NIST_SP_800-53_R4 SI-10 NIST_SP_800-53_R4_SI-10 NIST SP 800-53 Rev. 4 SI-10 Information Input Validation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance NIST_SP_800-53_R4 SI-11 NIST_SP_800-53_R4_SI-11 NIST SP 800-53 Rev. 4 SI-11 Error Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance NIST_SP_800-53_R4 SI-11 NIST_SP_800-53_R4_SI-11 NIST SP 800-53 Rev. 4 SI-11 Error Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R4 SI-12 NIST_SP_800-53_R4_SI-12 NIST SP 800-53 Rev. 4 SI-12 Information Handling And Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 SI-12 NIST_SP_800-53_R4_SI-12 NIST SP 800-53 Rev. 4 SI-12 Information Handling And Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R4 SI-12 NIST_SP_800-53_R4_SI-12 NIST SP 800-53 Rev. 4 SI-12 Information Handling And Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-16 NIST_SP_800-53_R4_SI-16 NIST SP 800-53 Rev. 4 SI-16 Memory Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SI-16 NIST_SP_800-53_R4_SI-16 NIST SP 800-53 Rev. 4 SI-16 Memory Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SI-2(2) NIST_SP_800-53_R4_SI-2(2) NIST SP 800-53 Rev. 4 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance NIST_SP_800-53_R4 SI-2(2) NIST_SP_800-53_R4_SI-2(2) NIST SP 800-53 Rev. 4 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance NIST_SP_800-53_R4 SI-2(3) NIST_SP_800-53_R4_SI-2(3) NIST SP 800-53 Rev. 4 SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance NIST_SP_800-53_R4 SI-2(3) NIST_SP_800-53_R4_SI-2(3) NIST SP 800-53 Rev. 4 SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2(6) NIST_SP_800-53_R4_SI-2(6) NIST SP 800-53 Rev. 4 SI-2 (6) Removal of Previous Versions of Software / Firmware NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2(6) NIST_SP_800-53_R4_SI-2(6) NIST SP 800-53 Rev. 4 SI-2 (6) Removal of Previous Versions of Software / Firmware NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R4 SI-2(6) NIST_SP_800-53_R4_SI-2(6) NIST SP 800-53 Rev. 4 SI-2 (6) Removal of Previous Versions of Software / Firmware NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 SI-4(12) NIST_SP_800-53_R4_SI-4(12) NIST SP 800-53 Rev. 4 SI-4 (12) Automated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 SI-4(12) NIST_SP_800-53_R4_SI-4(12) NIST SP 800-53 Rev. 4 SI-4 (12) Automated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 SI-4(12) NIST_SP_800-53_R4_SI-4(12) NIST SP 800-53 Rev. 4 SI-4 (12) Automated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance NIST_SP_800-53_R4 SI-4(14) NIST_SP_800-53_R4_SI-4(14) NIST SP 800-53 Rev. 4 SI-4 (14) Wireless Intrusion Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R4 SI-4(2) NIST_SP_800-53_R4_SI-4(2) NIST SP 800-53 Rev. 4 SI-4 (2) Automated Tools For Real-Time Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R4 SI-4(2) NIST_SP_800-53_R4_SI-4(2) NIST SP 800-53 Rev. 4 SI-4 (2) Automated Tools For Real-Time Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance NIST_SP_800-53_R4 SI-4(22) NIST_SP_800-53_R4_SI-4(22) NIST SP 800-53 Rev. 4 SI-4 (22) Unauthorized Network Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance NIST_SP_800-53_R4 SI-4(24) NIST_SP_800-53_R4_SI-4(24) NIST SP 800-53 Rev. 4 SI-4 (24) Indicators Of Compromise NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System-Generated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System-Generated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System-Generated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance NIST_SP_800-53_R4 SI-5(1) NIST_SP_800-53_R4_SI-5(1) NIST SP 800-53 Rev. 4 SI-5 (1) Automated Alerts And Advisories NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SI-7 NIST_SP_800-53_R4_SI-7 NIST SP 800-53 Rev. 4 SI-7 Software, Firmware, And Information Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SI-7(1) NIST_SP_800-53_R4_SI-7(1) NIST SP 800-53 Rev. 4 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R4 SI-7(1) NIST_SP_800-53_R4_SI-7(1) NIST SP 800-53 Rev. 4 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance NIST_SP_800-53_R4 SI-7(14) NIST_SP_800-53_R4_SI-7(14) NIST SP 800-53 Rev. 4 SI-7 (14) Binary Or Machine Executable Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance NIST_SP_800-53_R4 SI-7(5) NIST_SP_800-53_R4_SI-7(5) NIST SP 800-53 Rev. 4 SI-7 (5) Automated Response To Integrity Violations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.17 NIST_SP_800-53_R5.1.1_AC.17 NIST SP 800-53 R5.1.1 AC.17 Remote Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 AC.17.1 NIST_SP_800-53_R5.1.1_AC.17.1 NIST SP 800-53 R5.1.1 AC.17.1 Remote Access | Monitoring and Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 AC.17.1 NIST_SP_800-53_R5.1.1_AC.17.1 NIST SP 800-53 R5.1.1 AC.17.1 Remote Access | Monitoring and Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 AC.17.1 NIST_SP_800-53_R5.1.1_AC.17.1 NIST SP 800-53 R5.1.1 AC.17.1 Remote Access | Monitoring and Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NIST_SP_800-53_R5.1.1 AC.17.2 NIST_SP_800-53_R5.1.1_AC.17.2 NIST SP 800-53 R5.1.1 AC.17.2 Remote Access | Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NIST_SP_800-53_R5.1.1 AC.17.2 NIST_SP_800-53_R5.1.1_AC.17.2 NIST SP 800-53 R5.1.1 AC.17.2 Remote Access | Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.17.2 NIST_SP_800-53_R5.1.1_AC.17.2 NIST SP 800-53 R5.1.1 AC.17.2 Remote Access | Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5.1.1 AC.17.2 NIST_SP_800-53_R5.1.1_AC.17.2 NIST SP 800-53 R5.1.1 AC.17.2 Remote Access | Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 AC.17.3 NIST_SP_800-53_R5.1.1_AC.17.3 NIST SP 800-53 R5.1.1 AC.17.3 Remote Access | Managed Access Control Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 AC.17.3 NIST_SP_800-53_R5.1.1_AC.17.3 NIST SP 800-53 R5.1.1 AC.17.3 Remote Access | Managed Access Control Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 AC.17.3 NIST_SP_800-53_R5.1.1_AC.17.3 NIST SP 800-53 R5.1.1 AC.17.3 Remote Access | Managed Access Control Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 AC.17.3 NIST_SP_800-53_R5.1.1_AC.17.3 NIST SP 800-53 R5.1.1 AC.17.3 Remote Access | Managed Access Control Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 AC.17.3 NIST_SP_800-53_R5.1.1_AC.17.3 NIST SP 800-53 R5.1.1 AC.17.3 Remote Access | Managed Access Control Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 AC.17.3 NIST_SP_800-53_R5.1.1_AC.17.3 NIST SP 800-53 R5.1.1 AC.17.3 Remote Access | Managed Access Control Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 AC.18 NIST_SP_800-53_R5.1.1_AC.18 NIST SP 800-53 R5.1.1 AC.18 Wireless Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-53_R5.1.1 AC.18 NIST_SP_800-53_R5.1.1_AC.18 NIST SP 800-53 R5.1.1 AC.18 Wireless Access NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NIST_SP_800-53_R5.1.1 AC.19 NIST_SP_800-53_R5.1.1_AC.19 NIST SP 800-53 R5.1.1 AC.19 Access Control for Mobile Devices NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-53_R5.1.1 AC.2 NIST_SP_800-53_R5.1.1_AC.2 NIST SP 800-53 R5.1.1 AC.2 Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NIST_SP_800-53_R5.1.1 AC.2.1 NIST_SP_800-53_R5.1.1_AC.2.1 NIST SP 800-53 R5.1.1 AC.2.1 Account Management | Automated System Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2.1 NIST_SP_800-53_R5.1.1_AC.2.1 NIST SP 800-53 R5.1.1 AC.2.1 Account Management | Automated System Account Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2.4 NIST_SP_800-53_R5.1.1_AC.2.4 NIST SP 800-53 R5.1.1 AC.2.4 Account Management | Automated Audit Actions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-53_R5.1.1 AC.2.4 NIST_SP_800-53_R5.1.1_AC.2.4 NIST SP 800-53 R5.1.1 AC.2.4 Account Management | Automated Audit Actions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NIST_SP_800-53_R5.1.1 AC.2.4 NIST_SP_800-53_R5.1.1_AC.2.4 NIST SP 800-53 R5.1.1 AC.2.4 Account Management | Automated Audit Actions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2.4 NIST_SP_800-53_R5.1.1_AC.2.4 NIST SP 800-53 R5.1.1 AC.2.4 Account Management | Automated Audit Actions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 AC.2.4 NIST_SP_800-53_R5.1.1_AC.2.4 NIST SP 800-53 R5.1.1 AC.2.4 Account Management | Automated Audit Actions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2.6 NIST_SP_800-53_R5.1.1_AC.2.6 NIST SP 800-53 R5.1.1 AC.2.6 Account Management | Dynamic Privilege Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-53_R5.1.1 AC.2.7 NIST_SP_800-53_R5.1.1_AC.2.7 NIST SP 800-53 R5.1.1 AC.2.7 Account Management | Privileged User Accounts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 AC.3 NIST_SP_800-53_R5.1.1_AC.3 NIST SP 800-53 R5.1.1 AC.3 Access Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NIST_SP_800-53_R5.1.1 AC.3.3 NIST_SP_800-53_R5.1.1_AC.3.3 NIST SP 800-53 R5.1.1 AC.3.3 Access Enforcement | Mandatory Access Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NIST_SP_800-53_R5.1.1 AC.3.4 NIST_SP_800-53_R5.1.1_AC.3.4 NIST SP 800-53 R5.1.1 AC.3.4 Access Enforcement | Discretionary Access Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5.1.1 AC.3.5 NIST_SP_800-53_R5.1.1_AC.3.5 NIST SP 800-53 R5.1.1 AC.3.5 Access Enforcement | Security-relevant Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-53_R5.1.1 AC.3.7 NIST_SP_800-53_R5.1.1_AC.3.7 NIST SP 800-53 R5.1.1 AC.3.7 Access Enforcement | Role-based Access Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NIST_SP_800-53_R5.1.1 AC.3.7 NIST_SP_800-53_R5.1.1_AC.3.7 NIST SP 800-53 R5.1.1 AC.3.7 Access Enforcement | Role-based Access Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 AC.4 NIST_SP_800-53_R5.1.1_AC.4 NIST SP 800-53 R5.1.1 AC.4 Information Flow Enforcement NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NIST_SP_800-53_R5.1.1 AC.4.4 NIST_SP_800-53_R5.1.1_AC.4.4 NIST SP 800-53 R5.1.1 AC.4.4 Information Flow Enforcement | Flow Control of Encrypted Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 AC.4.6 NIST_SP_800-53_R5.1.1_AC.4.6 NIST SP 800-53 R5.1.1 AC.4.6 Information Flow Enforcement | Metadata NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-53_R5.1.1 AC.6 NIST_SP_800-53_R5.1.1_AC.6 NIST SP 800-53 R5.1.1 AC.6 Least Privilege NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration NIST_SP_800-53_R5.1.1 AC.6.2 NIST_SP_800-53_R5.1.1_AC.6.2 NIST SP 800-53 R5.1.1 AC.6.2 Least Privilege | Non-privileged Access for Nonsecurity Functions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-53_R5.1.1 AC.6.6 NIST_SP_800-53_R5.1.1_AC.6.6 NIST SP 800-53 R5.1.1 AC.6.6 Least Privilege | Privileged Access by Non-organizational Users NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-53_R5.1.1 AC.6.6 NIST_SP_800-53_R5.1.1_AC.6.6 NIST SP 800-53 R5.1.1 AC.6.6 Least Privilege | Privileged Access by Non-organizational Users NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5.1.1 AC.6.9 NIST_SP_800-53_R5.1.1_AC.6.9 NIST SP 800-53 R5.1.1 AC.6.9 Least Privilege | Log Use of Privileged Functions NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NIST_SP_800-53_R5.1.1 AU.11 NIST_SP_800-53_R5.1.1_AU.11 NIST SP 800-53 R5.1.1 AU.11 Audit Record Retention NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NIST_SP_800-53_R5.1.1 AU.12 NIST_SP_800-53_R5.1.1_AU.12 NIST SP 800-53 R5.1.1 AU.12 Audit Record Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5.1.1 AU.12.1 NIST_SP_800-53_R5.1.1_AU.12.1 NIST SP 800-53 R5.1.1 AU.12.1 Audit Record Generation | System-wide and Time-correlated Audit Trail NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NIST_SP_800-53_R5.1.1 AU.12.3 NIST_SP_800-53_R5.1.1_AU.12.3 NIST SP 800-53 R5.1.1 AU.12.3 Audit Record Generation | Changes by Authorized Individuals NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NIST_SP_800-53_R5.1.1 AU.13 NIST_SP_800-53_R5.1.1_AU.13 NIST SP 800-53 R5.1.1 AU.13 Monitoring for Information Disclosure NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-53_R5.1.1 AU.2 NIST_SP_800-53_R5.1.1_AU.2 NIST SP 800-53 R5.1.1 AU.2 Event Logging NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 AU.3 NIST_SP_800-53_R5.1.1_AU.3 NIST SP 800-53 R5.1.1 AU.3 Content of Audit Records NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NIST_SP_800-53_R5.1.1 AU.4 NIST_SP_800-53_R5.1.1_AU.4 NIST SP 800-53 R5.1.1 AU.4 Audit Log Storage Capacity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 AU.5 NIST_SP_800-53_R5.1.1_AU.5 NIST SP 800-53 R5.1.1 AU.5 Response to Audit Logging Process Failures NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NIST_SP_800-53_R5.1.1 AU.5.2 NIST_SP_800-53_R5.1.1_AU.5.2 NIST SP 800-53 R5.1.1 AU.5.2 Response to Audit Logging Process Failures | Real-time Alerts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-53_R5.1.1 AU.6 NIST_SP_800-53_R5.1.1_AU.6 NIST SP 800-53 R5.1.1 AU.6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 AU.7 NIST_SP_800-53_R5.1.1_AU.7 NIST SP 800-53 R5.1.1 AU.7 Audit Record Reduction and Report Generation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5.1.1 AU.9 NIST_SP_800-53_R5.1.1_AU.9 NIST SP 800-53 R5.1.1 AU.9 Protection of Audit Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NIST_SP_800-53_R5.1.1 AU.9 NIST_SP_800-53_R5.1.1_AU.9 NIST SP 800-53 R5.1.1 AU.9 Protection of Audit Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AU.9 NIST_SP_800-53_R5.1.1_AU.9 NIST SP 800-53 R5.1.1 AU.9 Protection of Audit Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AU.9 NIST_SP_800-53_R5.1.1_AU.9 NIST SP 800-53 R5.1.1 AU.9 Protection of Audit Information NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AU.9.4 NIST_SP_800-53_R5.1.1_AU.9.4 NIST SP 800-53 R5.1.1 AU.9.4 Protection of Audit Information | Access by Subset of Privileged Users NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 AU.9.4 NIST_SP_800-53_R5.1.1_AU.9.4 NIST SP 800-53 R5.1.1 AU.9.4 Protection of Audit Information | Access by Subset of Privileged Users NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 CA.7 NIST_SP_800-53_R5.1.1_CA.7 NIST SP 800-53 R5.1.1 CA.7 Continuous Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 CA.7.4 NIST_SP_800-53_R5.1.1_CA.7.4 NIST SP 800-53 R5.1.1 CA.7.4 Continuous Monitoring | Risk Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5.1.1 CM.11 NIST_SP_800-53_R5.1.1_CM.11 NIST SP 800-53 R5.1.1 CM.11 User-installed Software NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5.1.1 CM.2 NIST_SP_800-53_R5.1.1_CM.2 NIST SP 800-53 R5.1.1 CM.2 Baseline Configuration NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management NIST_SP_800-53_R5.1.1 CM.2.2 NIST_SP_800-53_R5.1.1_CM.2.2 NIST SP 800-53 R5.1.1 CM.2.2 Baseline Configuration | Automation Support for Accuracy and Currency NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_SP_800-53_R5.1.1 CM.3 NIST_SP_800-53_R5.1.1_CM.3 NIST SP 800-53 R5.1.1 CM.3 Configuration Change Control NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R5.1.1 CM.3.6 NIST_SP_800-53_R5.1.1_CM.3.6 NIST SP 800-53 R5.1.1 CM.3.6 Configuration Change Control | Cryptography Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NIST_SP_800-53_R5.1.1 CM.3.6 NIST_SP_800-53_R5.1.1_CM.3.6 NIST SP 800-53 R5.1.1 CM.3.6 Configuration Change Control | Cryptography Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R5.1.1 CM.3.6 NIST_SP_800-53_R5.1.1_CM.3.6 NIST SP 800-53 R5.1.1 CM.3.6 Configuration Change Control | Cryptography Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5.1.1 CM.3.8 NIST_SP_800-53_R5.1.1_CM.3.8 NIST SP 800-53 R5.1.1 CM.3.8 Configuration Change Control | Prevent or Restrict Configuration Changes NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5.1.1 CM.4 NIST_SP_800-53_R5.1.1_CM.4 NIST SP 800-53 R5.1.1 CM.4 Impact Analyses NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-53_R5.1.1 CM.4.2 NIST_SP_800-53_R5.1.1_CM.4.2 NIST SP 800-53 R5.1.1 CM.4.2 Impact Analyses | Verification of Controls NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 CM.5 NIST_SP_800-53_R5.1.1_CM.5 NIST SP 800-53 R5.1.1 CM.5 Access Restrictions for Change NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5.1.1 CM.5 NIST_SP_800-53_R5.1.1_CM.5 NIST SP 800-53 R5.1.1 CM.5 Access Restrictions for Change NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NIST_SP_800-53_R5.1.1 CM.5 NIST_SP_800-53_R5.1.1_CM.5 NIST SP 800-53 R5.1.1 CM.5 Access Restrictions for Change NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5.1.1 CM.6 NIST_SP_800-53_R5.1.1_CM.6 NIST SP 800-53 R5.1.1 CM.6 Configuration Settings NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute NIST_SP_800-53_R5.1.1 CM.6.1 NIST_SP_800-53_R5.1.1_CM.6.1 NIST SP 800-53 R5.1.1 CM.6.1 Configuration Settings | Automated Management, Application, and Verification NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-53_R5.1.1 CM.6.1 NIST_SP_800-53_R5.1.1_CM.6.1 NIST SP 800-53 R5.1.1 CM.6.1 Configuration Settings | Automated Management, Application, and Verification NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5.1.1 CM.6.1 NIST_SP_800-53_R5.1.1_CM.6.1 NIST SP 800-53 R5.1.1 CM.6.1 Configuration Settings | Automated Management, Application, and Verification NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 CM.7 NIST_SP_800-53_R5.1.1_CM.7 NIST SP 800-53 R5.1.1 CM.7 Least Functionality NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NIST_SP_800-53_R5.1.1 CM.7.1 NIST_SP_800-53_R5.1.1_CM.7.1 NIST SP 800-53 R5.1.1 CM.7.1 Least Functionality | Periodic Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network NIST_SP_800-53_R5.1.1 CM.7.1 NIST_SP_800-53_R5.1.1_CM.7.1 NIST SP 800-53 R5.1.1 CM.7.1 Least Functionality | Periodic Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7.1 NIST_SP_800-53_R5.1.1_CM.7.1 NIST SP 800-53 R5.1.1 CM.7.1 Least Functionality | Periodic Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NIST_SP_800-53_R5.1.1 CM.7.1 NIST_SP_800-53_R5.1.1_CM.7.1 NIST SP 800-53 R5.1.1 CM.7.1 Least Functionality | Periodic Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network NIST_SP_800-53_R5.1.1 CM.7.1 NIST_SP_800-53_R5.1.1_CM.7.1 NIST SP 800-53 R5.1.1 CM.7.1 Least Functionality | Periodic Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7.2 NIST_SP_800-53_R5.1.1_CM.7.2 NIST SP 800-53 R5.1.1 CM.7.2 Least Functionality | Prevent Program Execution NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7.2 NIST_SP_800-53_R5.1.1_CM.7.2 NIST SP 800-53 R5.1.1 CM.7.2 Least Functionality | Prevent Program Execution NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration NIST_SP_800-53_R5.1.1 CM.7.5 NIST_SP_800-53_R5.1.1_CM.7.5 NIST SP 800-53 R5.1.1 CM.7.5 Least Functionality | Authorized Software NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R5.1.1 CM.7.5 NIST_SP_800-53_R5.1.1_CM.7.5 NIST SP 800-53 R5.1.1 CM.7.5 Least Functionality | Authorized Software NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5.1.1 CM.7.9 NIST_SP_800-53_R5.1.1_CM.7.9 NIST SP 800-53 R5.1.1 CM.7.9 Least Functionality | Prohibiting The Use of Unauthorized Hardware NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5.1.1 CM.8 NIST_SP_800-53_R5.1.1_CM.8 NIST SP 800-53 R5.1.1 CM.8 System Component Inventory NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 CM.8 NIST_SP_800-53_R5.1.1_CM.8 NIST SP 800-53 R5.1.1 CM.8 System Component Inventory NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 CM.8 NIST_SP_800-53_R5.1.1_CM.8 NIST SP 800-53 R5.1.1 CM.8 System Component Inventory NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-53_R5.1.1 CM.8 NIST_SP_800-53_R5.1.1_CM.8 NIST SP 800-53 R5.1.1 CM.8 System Component Inventory NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 CM.8 NIST_SP_800-53_R5.1.1_CM.8 NIST SP 800-53 R5.1.1 CM.8 System Component Inventory NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NIST_SP_800-53_R5.1.1 CM.8 NIST_SP_800-53_R5.1.1_CM.8 NIST SP 800-53 R5.1.1 CM.8 System Component Inventory NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration NIST_SP_800-53_R5.1.1 CM.8.1 NIST_SP_800-53_R5.1.1_CM.8.1 NIST SP 800-53 R5.1.1 CM.8.1 System Component Inventory | Updates During Installation and Removal NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5.1.1 CM.8.2 NIST_SP_800-53_R5.1.1_CM.8.2 NIST SP 800-53 R5.1.1 CM.8.2 System Component Inventory | Automated Maintenance NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NIST_SP_800-53_R5.1.1 CM.8.3 NIST_SP_800-53_R5.1.1_CM.8.3 NIST SP 800-53 R5.1.1 CM.8.3 System Component Inventory | Automated Unauthorized Component Detection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5.1.1 CM.9 NIST_SP_800-53_R5.1.1_CM.9 NIST SP 800-53 R5.1.1 CM.9 Configuration Management Plan NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5.1.1 CP.10 NIST_SP_800-53_R5.1.1_CP.10 NIST SP 800-53 R5.1.1 CP.10 System Recovery and Reconstitution NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault NIST_SP_800-53_R5.1.1 CP.10 NIST_SP_800-53_R5.1.1_CP.10 NIST SP 800-53 R5.1.1 CP.10 System Recovery and Reconstitution NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5.1.1 CP.12 NIST_SP_800-53_R5.1.1_CP.12 NIST SP 800-53 R5.1.1 CP.12 Safe Mode NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-53_R5.1.1 CP.2 NIST_SP_800-53_R5.1.1_CP.2 NIST SP 800-53 R5.1.1 CP.2 Contingency Plan NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance NIST_SP_800-53_R5.1.1 CP.6 NIST_SP_800-53_R5.1.1_CP.6 NIST SP 800-53 R5.1.1 CP.6 Alternate Storage Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance NIST_SP_800-53_R5.1.1 CP.6 NIST_SP_800-53_R5.1.1_CP.6 NIST SP 800-53 R5.1.1 CP.6 Alternate Storage Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance NIST_SP_800-53_R5.1.1 CP.6.1 NIST_SP_800-53_R5.1.1_CP.6.1 NIST SP 800-53 R5.1.1 CP.6.1 Alternate Storage Site | Separation from Primary Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance NIST_SP_800-53_R5.1.1 CP.6.1 NIST_SP_800-53_R5.1.1_CP.6.1 NIST SP 800-53 R5.1.1 CP.6.1 Alternate Storage Site | Separation from Primary Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R5.1.1 CP.9 NIST_SP_800-53_R5.1.1_CP.9 NIST SP 800-53 R5.1.1 CP.9 System Backup NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5.1.1 CP.9 NIST_SP_800-53_R5.1.1_CP.9 NIST SP 800-53 R5.1.1 CP.9 System Backup NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-53_R5.1.1 CP.9 NIST_SP_800-53_R5.1.1_CP.9 NIST SP 800-53 R5.1.1 CP.9 System Backup NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5.1.1 CP.9 NIST_SP_800-53_R5.1.1_CP.9 NIST SP 800-53 R5.1.1 CP.9 System Backup NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5.1.1 CP.9.5 NIST_SP_800-53_R5.1.1_CP.9.5 NIST SP 800-53 R5.1.1 CP.9.5 System Backup | Transfer to Alternate Storage Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5.1.1 CP.9.5 NIST_SP_800-53_R5.1.1_CP.9.5 NIST SP 800-53 R5.1.1 CP.9.5 System Backup | Transfer to Alternate Storage Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NIST_SP_800-53_R5.1.1 CP.9.5 NIST_SP_800-53_R5.1.1_CP.9.5 NIST SP 800-53 R5.1.1 CP.9.5 System Backup | Transfer to Alternate Storage Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5.1.1 CP.9.5 NIST_SP_800-53_R5.1.1_CP.9.5 NIST SP 800-53 R5.1.1 CP.9.5 System Backup | Transfer to Alternate Storage Site NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5.1.1 CP.9.6 NIST_SP_800-53_R5.1.1_CP.9.6 NIST SP 800-53 R5.1.1 CP.9.6 System Backup | Redundant Secondary System NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NIST_SP_800-53_R5.1.1 CP.9.6 NIST_SP_800-53_R5.1.1_CP.9.6 NIST SP 800-53 R5.1.1 CP.9.6 System Backup | Redundant Secondary System NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5.1.1 CP.9.6 NIST_SP_800-53_R5.1.1_CP.9.6 NIST SP 800-53 R5.1.1 CP.9.6 System Backup | Redundant Secondary System NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5.1.1 CP.9.6 NIST_SP_800-53_R5.1.1_CP.9.6 NIST SP 800-53 R5.1.1 CP.9.6 System Backup | Redundant Secondary System NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-53_R5.1.1 IA.13.1 NIST_SP_800-53_R5.1.1_IA.13.1 NIST SP 800-53 R5.1.1 IA.13.1 Protection of Cryptographic Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5.1.1 IA.2 NIST_SP_800-53_R5.1.1_IA.2 NIST SP 800-53 R5.1.1 IA.2 Identification and Authentication (organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-53_R5.1.1 IA.2.1 NIST_SP_800-53_R5.1.1_IA.2.1 NIST SP 800-53 R5.1.1 IA.2.1 Identification and Authentication (organizational Users) | Multi-factor Authentication to Privileged Accounts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NIST_SP_800-53_R5.1.1 IA.2.2 NIST_SP_800-53_R5.1.1_IA.2.2 NIST SP 800-53 R5.1.1 IA.2.2 Identification and Authentication (organizational Users) | Multi-factor Authentication to Non-privileged Accounts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 IA.3 NIST_SP_800-53_R5.1.1_IA.3 NIST SP 800-53 R5.1.1 IA.3 Device Identification and Authentication NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NIST_SP_800-53_R5.1.1 IA.5 NIST_SP_800-53_R5.1.1_IA.5 NIST SP 800-53 R5.1.1 IA.5 Authenticator Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-53_R5.1.1 IA.5 NIST_SP_800-53_R5.1.1_IA.5 NIST SP 800-53 R5.1.1 IA.5 Authenticator Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5.1.1 IA.5 NIST_SP_800-53_R5.1.1_IA.5 NIST SP 800-53 R5.1.1 IA.5 Authenticator Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 IA.5 NIST_SP_800-53_R5.1.1_IA.5 NIST SP 800-53 R5.1.1 IA.5 Authenticator Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-53_R5.1.1 IA.5.1 NIST_SP_800-53_R5.1.1_IA.5.1 NIST SP 800-53 R5.1.1 IA.5.1 Authenticator Management | Password-based Authentication NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NIST_SP_800-53_R5.1.1 IA.5.1 NIST_SP_800-53_R5.1.1_IA.5.1 NIST SP 800-53 R5.1.1 IA.5.1 Authenticator Management | Password-based Authentication NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5.1.1 IA.5.2 NIST_SP_800-53_R5.1.1_IA.5.2 NIST SP 800-53 R5.1.1 IA.5.2 Authenticator Management | Public Key-based Authentication NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NIST_SP_800-53_R5.1.1 IA.7 NIST_SP_800-53_R5.1.1_IA.7 NIST SP 800-53 R5.1.1 IA.7 Cryptographic Module Authentication NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NIST_SP_800-53_R5.1.1 IA.7 NIST_SP_800-53_R5.1.1_IA.7 NIST SP 800-53 R5.1.1 IA.7 Cryptographic Module Authentication NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 IA.8 NIST_SP_800-53_R5.1.1_IA.8 NIST SP 800-53 R5.1.1 IA.8 Identification and Authentication (non-organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5.1.1 IA.8 NIST_SP_800-53_R5.1.1_IA.8 NIST SP 800-53 R5.1.1 IA.8 Identification and Authentication (non-organizational Users) NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5.1.1 IR.1 NIST_SP_800-53_R5.1.1_IR.1 NIST SP 800-53 R5.1.1 IR.1 Policy and Procedures NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 IR.5 NIST_SP_800-53_R5.1.1_IR.5 NIST SP 800-53 R5.1.1 IR.5 Incident Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5.1.1 IR.6 NIST_SP_800-53_R5.1.1_IR.6 NIST SP 800-53 R5.1.1 IR.6 Incident Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5.1.1 IR.6 NIST_SP_800-53_R5.1.1_IR.6 NIST SP 800-53 R5.1.1 IR.6 Incident Reporting NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5.1.1 IR.8 NIST_SP_800-53_R5.1.1_IR.8 NIST SP 800-53 R5.1.1 IR.8 Incident Response Plan NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NIST_SP_800-53_R5.1.1 MA.4.1 NIST_SP_800-53_R5.1.1_MA.4.1 NIST SP 800-53 R5.1.1 MA.4.1 Nonlocal Maintenance | Logging and Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 MA.4.1 NIST_SP_800-53_R5.1.1_MA.4.1 NIST SP 800-53 R5.1.1 MA.4.1 Nonlocal Maintenance | Logging and Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NIST_SP_800-53_R5.1.1 MA.4.1 NIST_SP_800-53_R5.1.1_MA.4.1 NIST SP 800-53 R5.1.1 MA.4.1 Nonlocal Maintenance | Logging and Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NIST_SP_800-53_R5.1.1 MA.4.1 NIST_SP_800-53_R5.1.1_MA.4.1 NIST SP 800-53 R5.1.1 MA.4.1 Nonlocal Maintenance | Logging and Review NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R5.1.1 MP.6 NIST_SP_800-53_R5.1.1_MP.6 NIST SP 800-53 R5.1.1 MP.6 Media Sanitization NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 RA.5 NIST_SP_800-53_R5.1.1_RA.5 NIST SP 800-53 R5.1.1 RA.5 Vulnerability Monitoring and Scanning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 RA.5.2 NIST_SP_800-53_R5.1.1_RA.5.2 NIST SP 800-53 R5.1.1 RA.5.2 Vulnerability Monitoring and Scanning | Update Vulnerabilities to Be Scanned NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 RA.5.3 NIST_SP_800-53_R5.1.1_RA.5.3 NIST SP 800-53 R5.1.1 RA.5.3 Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5.1.1 RA.5.3 NIST_SP_800-53_R5.1.1_RA.5.3 NIST SP 800-53 R5.1.1 RA.5.3 Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 RA.5.6 NIST_SP_800-53_R5.1.1_RA.5.6 NIST SP 800-53 R5.1.1 RA.5.6 Vulnerability Monitoring and Scanning | Automated Trend Analyses NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NIST_SP_800-53_R5.1.1 RA.5.8 NIST_SP_800-53_R5.1.1_RA.5.8 NIST SP 800-53 R5.1.1 RA.5.8 Vulnerability Monitoring and Scanning | Review Historic Audit Logs NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5.1.1 SA.10 NIST_SP_800-53_R5.1.1_SA.10 NIST SP 800-53 R5.1.1 SA.10 Developer Configuration Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5.1.1 SA.10.1 NIST_SP_800-53_R5.1.1_SA.10.1 NIST SP 800-53 R5.1.1 SA.10.1 Developer Configuration Management | Software and Firmware Integrity Verification NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R5.1.1 SA.11.2 NIST_SP_800-53_R5.1.1_SA.11.2 NIST SP 800-53 R5.1.1 SA.11.2 Developer Testing and Evaluation | Threat Modeling and Vulnerability Analyses NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5.1.1 SA.11.2 NIST_SP_800-53_R5.1.1_SA.11.2 NIST SP 800-53 R5.1.1 SA.11.2 Developer Testing and Evaluation | Threat Modeling and Vulnerability Analyses NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R5.1.1 SA.15.7 NIST_SP_800-53_R5.1.1_SA.15.7 NIST SP 800-53 R5.1.1 SA.15.7 Development Process, Standards, and Tools | Automated Vulnerability Analysis NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5.1.1 SA.15.7 NIST_SP_800-53_R5.1.1_SA.15.7 NIST SP 800-53 R5.1.1 SA.15.7 Development Process, Standards, and Tools | Automated Vulnerability Analysis NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5.1.1 SA.22 NIST_SP_800-53_R5.1.1_SA.22 NIST SP 800-53 R5.1.1 SA.22 Unsupported System Components NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NIST_SP_800-53_R5.1.1 SA.4.8 NIST_SP_800-53_R5.1.1_SA.4.8 NIST SP 800-53 R5.1.1 SA.4.8 Acquisition Process | Continuous Monitoring Plan for Controls NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R5.1.1 SA.9.6 NIST_SP_800-53_R5.1.1_SA.9.6 NIST SP 800-53 R5.1.1 SA.9.6 External System Services | Organization-controlled Cryptographic Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-53_R5.1.1 SC.12 NIST_SP_800-53_R5.1.1_SC.12 NIST SP 800-53 R5.1.1 SC.12 Cryptographic Key Establishment and Management NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R5.1.1 SC.12.2 NIST_SP_800-53_R5.1.1_SC.12.2 NIST SP 800-53 R5.1.1 SC.12.2 Cryptographic Key Establishment and Management | Symmetric Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NIST_SP_800-53_R5.1.1 SC.12.2 NIST_SP_800-53_R5.1.1_SC.12.2 NIST SP 800-53 R5.1.1 SC.12.2 Cryptographic Key Establishment and Management | Symmetric Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NIST_SP_800-53_R5.1.1 SC.12.3 NIST_SP_800-53_R5.1.1_SC.12.3 NIST SP 800-53 R5.1.1 SC.12.3 Cryptographic Key Establishment and Management | Asymmetric Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NIST_SP_800-53_R5.1.1 SC.12.3 NIST_SP_800-53_R5.1.1_SC.12.3 NIST SP 800-53 R5.1.1 SC.12.3 Cryptographic Key Establishment and Management | Asymmetric Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NIST_SP_800-53_R5.1.1 SC.13 NIST_SP_800-53_R5.1.1_SC.13 NIST SP 800-53 R5.1.1 SC.13 Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NIST_SP_800-53_R5.1.1 SC.17 NIST_SP_800-53_R5.1.1_SC.17 NIST SP 800-53 R5.1.1 SC.17 Public Key Infrastructure Certificates NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5.1.1 SC.18 NIST_SP_800-53_R5.1.1_SC.18 NIST SP 800-53 R5.1.1 SC.18 Mobile Code NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5.1.1 SC.23 NIST_SP_800-53_R5.1.1_SC.23 NIST SP 800-53 R5.1.1 SC.23 Session Authenticity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NIST_SP_800-53_R5.1.1 SC.23 NIST_SP_800-53_R5.1.1_SC.23 NIST SP 800-53 R5.1.1 SC.23 Session Authenticity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-53_R5.1.1 SC.23.5 NIST_SP_800-53_R5.1.1_SC.23.5 NIST SP 800-53 R5.1.1 SC.23.5 Session Authenticity | Allowed Certificate Authorities NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NIST_SP_800-53_R5.1.1 SC.28 NIST_SP_800-53_R5.1.1_SC.28 NIST SP 800-53 R5.1.1 SC.28 Protection of Information at Rest NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 Protection of Information at Rest | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NIST_SP_800-53_R5.1.1 SC.28.3 NIST_SP_800-53_R5.1.1_SC.28.3 NIST SP 800-53 R5.1.1 SC.28.3 Protection of Information at Rest | Cryptographic Keys NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-53_R5.1.1 SC.31 NIST_SP_800-53_R5.1.1_SC.31 NIST SP 800-53 R5.1.1 SC.31 Covert Channel Analysis NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-53_R5.1.1 SC.32 NIST_SP_800-53_R5.1.1_SC.32 NIST SP 800-53 R5.1.1 SC.32 System Partitioning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NIST_SP_800-53_R5.1.1 SC.32 NIST_SP_800-53_R5.1.1_SC.32 NIST SP 800-53 R5.1.1 SC.32 System Partitioning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.32 NIST_SP_800-53_R5.1.1_SC.32 NIST SP 800-53 R5.1.1 SC.32 System Partitioning NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5.1.1 SC.36.2 NIST_SP_800-53_R5.1.1_SC.36.2 NIST SP 800-53 R5.1.1 SC.36.2 Distributed Processing and Storage | Synchronization NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5.1.1 SC.36.2 NIST_SP_800-53_R5.1.1_SC.36.2 NIST SP 800-53 R5.1.1 SC.36.2 Distributed Processing and Storage | Synchronization NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5.1.1 SC.36.2 NIST_SP_800-53_R5.1.1_SC.36.2 NIST SP 800-53 R5.1.1 SC.36.2 Distributed Processing and Storage | Synchronization NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NIST_SP_800-53_R5.1.1 SC.39 NIST_SP_800-53_R5.1.1_SC.39 NIST SP 800-53 R5.1.1 SC.39 Process Isolation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-53_R5.1.1 SC.5 NIST_SP_800-53_R5.1.1_SC.5 NIST SP 800-53 R5.1.1 SC.5 Denial-of-service Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5.1.1 SC.5 NIST_SP_800-53_R5.1.1_SC.5 NIST SP 800-53 R5.1.1 SC.5 Denial-of-service Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5.1.1 SC.5.1 NIST_SP_800-53_R5.1.1_SC.5.1 NIST SP 800-53 R5.1.1 SC.5.1 Denial-of-service Protection | Restrict Ability to Attack Other Systems NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 SC.5.3 NIST_SP_800-53_R5.1.1_SC.5.3 NIST SP 800-53 R5.1.1 SC.5.3 Denial-of-service Protection | Detection and Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-53_R5.1.1 SC.5.3 NIST_SP_800-53_R5.1.1_SC.5.3 NIST SP 800-53 R5.1.1 SC.5.3 Denial-of-service Protection | Detection and Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-53_R5.1.1 SC.5.3 NIST_SP_800-53_R5.1.1_SC.5.3 NIST SP 800-53 R5.1.1 SC.5.3 Denial-of-service Protection | Detection and Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NIST_SP_800-53_R5.1.1 SC.7 NIST_SP_800-53_R5.1.1_SC.7 NIST SP 800-53 R5.1.1 SC.7 Boundary Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5.1.1 SC.7.3 NIST_SP_800-53_R5.1.1_SC.7.3 NIST SP 800-53 R5.1.1 SC.7.3 Boundary Protection | Access Points NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5.1.1 SC.7.4 NIST_SP_800-53_R5.1.1_SC.7.4 NIST SP 800-53 R5.1.1 SC.7.4 Boundary Protection | External Telecommunications Services NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5.1.1 SC.7.5 NIST_SP_800-53_R5.1.1_SC.7.5 NIST SP 800-53 R5.1.1 SC.7.5 Boundary Protection | Deny by Default — Allow by Exception NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5.1.1 SC.7.5 NIST_SP_800-53_R5.1.1_SC.7.5 NIST SP 800-53 R5.1.1 SC.7.5 Boundary Protection | Deny by Default — Allow by Exception NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NIST_SP_800-53_R5.1.1 SC.7.5 NIST_SP_800-53_R5.1.1_SC.7.5 NIST SP 800-53 R5.1.1 SC.7.5 Boundary Protection | Deny by Default — Allow by Exception NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NIST_SP_800-53_R5.1.1 SC.7.5 NIST_SP_800-53_R5.1.1_SC.7.5 NIST SP 800-53 R5.1.1 SC.7.5 Boundary Protection | Deny by Default — Allow by Exception NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7.7 NIST_SP_800-53_R5.1.1_SC.7.7 NIST SP 800-53 R5.1.1 SC.7.7 Boundary Protection | Split Tunneling for Remote Devices NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network NIST_SP_800-53_R5.1.1 SC.7.7 NIST_SP_800-53_R5.1.1_SC.7.7 NIST SP 800-53 R5.1.1 SC.7.7 Boundary Protection | Split Tunneling for Remote Devices NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7.7 NIST_SP_800-53_R5.1.1_SC.7.7 NIST SP 800-53 R5.1.1 SC.7.7 Boundary Protection | Split Tunneling for Remote Devices NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network NIST_SP_800-53_R5.1.1 SC.7.7 NIST_SP_800-53_R5.1.1_SC.7.7 NIST SP 800-53 R5.1.1 SC.7.7 Boundary Protection | Split Tunneling for Remote Devices NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.7.8 NIST_SP_800-53_R5.1.1_SC.7.8 NIST SP 800-53 R5.1.1 SC.7.8 Boundary Protection | Route Traffic to Authenticated Proxy Servers NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5.1.1 SC.8 NIST_SP_800-53_R5.1.1_SC.8 NIST SP 800-53 R5.1.1 SC.8 Transmission Confidentiality and Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NIST_SP_800-53_R5.1.1 SC.8 NIST_SP_800-53_R5.1.1_SC.8 NIST SP 800-53 R5.1.1 SC.8 Transmission Confidentiality and Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NIST_SP_800-53_R5.1.1 SC.8 NIST_SP_800-53_R5.1.1_SC.8 NIST SP 800-53 R5.1.1 SC.8 Transmission Confidentiality and Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5.1.1 SC.8 NIST_SP_800-53_R5.1.1_SC.8 NIST SP 800-53 R5.1.1 SC.8 Transmission Confidentiality and Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5.1.1 SC.8 NIST_SP_800-53_R5.1.1_SC.8 NIST SP 800-53 R5.1.1 SC.8 Transmission Confidentiality and Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NIST_SP_800-53_R5.1.1 SC.8 NIST_SP_800-53_R5.1.1_SC.8 NIST SP 800-53 R5.1.1 SC.8 Transmission Confidentiality and Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NIST_SP_800-53_R5.1.1 SC.8.1 NIST_SP_800-53_R5.1.1_SC.8.1 NIST SP 800-53 R5.1.1 SC.8.1 Transmission Confidentiality and Integrity | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5.1.1 SC.8.1 NIST_SP_800-53_R5.1.1_SC.8.1 NIST SP 800-53 R5.1.1 SC.8.1 Transmission Confidentiality and Integrity | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NIST_SP_800-53_R5.1.1 SC.8.1 NIST_SP_800-53_R5.1.1_SC.8.1 NIST SP 800-53 R5.1.1 SC.8.1 Transmission Confidentiality and Integrity | Cryptographic Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network NIST_SP_800-53_R5.1.1 SI.14 NIST_SP_800-53_R5.1.1_SI.14 NIST SP 800-53 R5.1.1 SI.14 Non-persistence NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.16 NIST_SP_800-53_R5.1.1_SI.16 NIST SP 800-53 R5.1.1 SI.16 Memory Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.2 NIST_SP_800-53_R5.1.1_SI.2 NIST SP 800-53 R5.1.1 SI.2 Flaw Remediation NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NIST_SP_800-53_R5.1.1 SI.2.4 NIST_SP_800-53_R5.1.1_SI.2.4 NIST SP 800-53 R5.1.1 SI.2.4 Flaw Remediation | Automated Patch Management Tools NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NIST_SP_800-53_R5.1.1 SI.2.4 NIST_SP_800-53_R5.1.1_SI.2.4 NIST SP 800-53 R5.1.1 SI.2.4 Flaw Remediation | Automated Patch Management Tools NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.3 NIST_SP_800-53_R5.1.1_SI.3 NIST SP 800-53 R5.1.1 SI.3 Malicious Code Protection NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.4 NIST_SP_800-53_R5.1.1_SI.4 NIST SP 800-53 R5.1.1 SI.4 System Monitoring NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 SI.4.2 NIST_SP_800-53_R5.1.1_SI.4.2 NIST SP 800-53 R5.1.1 SI.4.2 System Monitoring | Automated Tools and Mechanisms for Real-time Analysis NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5.1.1 SI.4.4 NIST_SP_800-53_R5.1.1_SI.4.4 NIST SP 800-53 R5.1.1 SI.4.4 System Monitoring | Inbound and Outbound Communications Traffic NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NIST_SP_800-53_R5.1.1 SI.4.5 NIST_SP_800-53_R5.1.1_SI.4.5 NIST SP 800-53 R5.1.1 SI.4.5 System Monitoring | System-generated Alerts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5.1.1 SI.4.5 NIST_SP_800-53_R5.1.1_SI.4.5 NIST SP 800-53 R5.1.1 SI.4.5 System Monitoring | System-generated Alerts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NIST_SP_800-53_R5.1.1 SI.4.5 NIST_SP_800-53_R5.1.1_SI.4.5 NIST SP 800-53 R5.1.1 SI.4.5 System Monitoring | System-generated Alerts NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NIST_SP_800-53_R5.1.1 SI.7 NIST_SP_800-53_R5.1.1_SI.7 NIST SP 800-53 R5.1.1 SI.7 Software, Firmware, and Information Integrity NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NIST_SP_800-53_R5.1.1 SI.7.1 NIST_SP_800-53_R5.1.1_SI.7.1 NIST SP 800-53 R5.1.1 SI.7.1 Software, Firmware, and Information Integrity | Integrity Checks NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NIST_SP_800-53_R5.1.1 SI.7.5 NIST_SP_800-53_R5.1.1_SI.7.5 NIST SP 800-53 R5.1.1 SI.7.5 Software, Firmware, and Information Integrity | Automated Response to Integrity Violations NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R5.1.1 SI.7.5 NIST_SP_800-53_R5.1.1_SI.7.5 NIST SP 800-53 R5.1.1 SI.7.5 Software, Firmware, and Information Integrity | Automated Response to Integrity Violations NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NIST_SP_800-53_R5.1.1 SI.7.5 NIST_SP_800-53_R5.1.1_SI.7.5 NIST SP 800-53 R5.1.1 SI.7.5 Software, Firmware, and Information Integrity | Automated Response to Integrity Violations NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault NIST_SP_800-53_R5.1.1 SI.7.5 NIST_SP_800-53_R5.1.1_SI.7.5 NIST SP 800-53 R5.1.1 SI.7.5 Software, Firmware, and Information Integrity | Automated Response to Integrity Violations NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center NIST_SP_800-53_R5.1.1 SI.7.8 NIST_SP_800-53_R5.1.1_SI.7.8 NIST SP 800-53 R5.1.1 SI.7.8 Software, Firmware, and Information Integrity | Auditing Capability for Significant Events NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NIST_SP_800-53_R5.1.1 SI.7.8 NIST_SP_800-53_R5.1.1_SI.7.8 NIST SP 800-53 R5.1.1 SI.7.8 Software, Firmware, and Information Integrity | Auditing Capability for Significant Events NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NIST_SP_800-53_R5.1.1 SI.7.9 NIST_SP_800-53_R5.1.1_SI.7.9 NIST SP 800-53 R5.1.1 SI.7.9 Software, Firmware, and Information Integrity | Verify Boot Process NIST SP 800-53 R5.1.1 (60205a79-6280-4e20-a147-e2011e09dc78)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance NIST_SP_800-53_R5 AC-10 NIST_SP_800-53_R5_AC-10 NIST SP 800-53 Rev. 5 AC-10 Concurrent Session Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance NIST_SP_800-53_R5 AC-12 NIST_SP_800-53_R5_AC-12 NIST SP 800-53 Rev. 5 AC-12 Session Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability Regulatory Compliance NIST_SP_800-53_R5 AC-12(1) NIST_SP_800-53_R5_AC-12(1) NIST SP 800-53 Rev. 5 AC-12 (1) User-initiated Logouts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message Regulatory Compliance NIST_SP_800-53_R5 AC-12(1) NIST_SP_800-53_R5_AC-12(1) NIST SP 800-53 Rev. 5 AC-12 (1) User-initiated Logouts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance NIST_SP_800-53_R5 AC-14 NIST_SP_800-53_R5_AC-14 NIST SP 800-53 Rev. 5 AC-14 Permitted Actions Without Identification or Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AC-16 NIST_SP_800-53_R5_AC-16 NIST SP 800-53 Rev. 5 AC-16 Security and Privacy Attributes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AC-16 NIST_SP_800-53_R5_AC-16 NIST SP 800-53 Rev. 5 AC-16 Security and Privacy Attributes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance NIST_SP_800-53_R5 AC-17(2) NIST_SP_800-53_R5_AC-17(2) NIST SP 800-53 Rev. 5 AC-17 (2) Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 AC-17(2) NIST_SP_800-53_R5_AC-17(2) NIST SP 800-53 Rev. 5 AC-17 (2) Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R5 AC-17(3) NIST_SP_800-53_R5_AC-17(3) NIST SP 800-53 Rev. 5 AC-17 (3) Managed Access Control Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance NIST_SP_800-53_R5 AC-17(9) NIST_SP_800-53_R5_AC-17(9) NIST SP 800-53 Rev. 5 AC-17 (9) Disconnect or Disable Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-18 NIST_SP_800-53_R5_AC-18 NIST SP 800-53 Rev. 5 AC-18 Wireless Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R5 AC-18 NIST_SP_800-53_R5_AC-18 NIST SP 800-53 Rev. 5 AC-18 Wireless Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-53_R5 AC-18(1) NIST_SP_800-53_R5_AC-18(1) NIST SP 800-53 Rev. 5 AC-18 (1) Authentication and Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R5 AC-18(1) NIST_SP_800-53_R5_AC-18(1) NIST SP 800-53 Rev. 5 AC-18 (1) Authentication and Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-18(1) NIST_SP_800-53_R5_AC-18(1) NIST SP 800-53 Rev. 5 AC-18 (1) Authentication and Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R5 AC-19 NIST_SP_800-53_R5_AC-19 NIST SP 800-53 Rev. 5 AC-19 Access Control for Mobile Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 AC-19(5) NIST_SP_800-53_R5_AC-19(5) NIST SP 800-53 Rev. 5 AC-19 (5) Full Device or Container-based Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R5 AC-19(5) NIST_SP_800-53_R5_AC-19(5) NIST SP 800-53 Rev. 5 AC-19 (5) Full Device or Container-based Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(11) NIST_SP_800-53_R5_AC-2(11) NIST SP 800-53 Rev. 5 AC-2 (11) Usage Conditions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance NIST_SP_800-53_R5 AC-2(13) NIST_SP_800-53_R5_AC-2(13) NIST SP 800-53 Rev. 5 AC-2 (13) Disable Accounts for High-risk Individuals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R5 AC-2(3) NIST_SP_800-53_R5_AC-2(3) NIST SP 800-53 Rev. 5 AC-2 (3) Disable Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R5 AC-2(3) NIST_SP_800-53_R5_AC-2(3) NIST SP 800-53 Rev. 5 AC-2 (3) Disable Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance NIST_SP_800-53_R5 AC-2(5) NIST_SP_800-53_R5_AC-2(5) NIST SP 800-53 Rev. 5 AC-2 (5) Inactivity Logout NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(9) NIST_SP_800-53_R5_AC-2(9) NIST SP 800-53 Rev. 5 AC-2 (9) Restrictions on Use of Shared and Group Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance NIST_SP_800-53_R5 AC-20 NIST_SP_800-53_R5_AC-20 NIST SP 800-53 Rev. 5 AC-20 Use of External Systems NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance NIST_SP_800-53_R5 AC-20 NIST_SP_800-53_R5_AC-20 NIST SP 800-53 Rev. 5 AC-20 Use of External Systems NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance NIST_SP_800-53_R5 AC-20(1) NIST_SP_800-53_R5_AC-20(1) NIST SP 800-53 Rev. 5 AC-20 (1) Limits on Authorized Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R5 AC-20(2) NIST_SP_800-53_R5_AC-20(2) NIST SP 800-53 Rev. 5 AC-20 (2) Portable Storage Devices ??? Restricted Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R5 AC-20(2) NIST_SP_800-53_R5_AC-20(2) NIST SP 800-53 Rev. 5 AC-20 (2) Portable Storage Devices ??? Restricted Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 AC-20(2) NIST_SP_800-53_R5_AC-20(2) NIST SP 800-53 Rev. 5 AC-20 (2) Portable Storage Devices ??? Restricted Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance NIST_SP_800-53_R5 AC-21 NIST_SP_800-53_R5_AC-21 NIST SP 800-53 Rev. 5 AC-21 Information Sharing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance NIST_SP_800-53_R5 AC-21 NIST_SP_800-53_R5_AC-21 NIST SP 800-53 Rev. 5 AC-21 Information Sharing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center NIST_SP_800-53_R5 AC-3(7) NIST_SP_800-53_R5_AC-3(7) NIST SP 800-53 Rev. 5 AC-3 (7) Role-based Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 AC-4(3) NIST_SP_800-53_R5_AC-4(3) NIST SP 800-53 Rev. 5 AC-4 (3) Dynamic Information Flow Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance NIST_SP_800-53_R5 AC-4(8) NIST_SP_800-53_R5_AC-4(8) NIST SP 800-53 Rev. 5 AC-4 (8) Security and Privacy Policy Filters NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R5 AC-6(1) NIST_SP_800-53_R5_AC-6(1) NIST SP 800-53 Rev. 5 AC-6 (1) Authorize Access to Security Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R5 AC-6(1) NIST_SP_800-53_R5_AC-6(1) NIST SP 800-53 Rev. 5 AC-6 (1) Authorize Access to Security Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R5 AC-6(1) NIST_SP_800-53_R5_AC-6(1) NIST SP 800-53 Rev. 5 AC-6 (1) Authorize Access to Security Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-6(5) NIST_SP_800-53_R5_AC-6(5) NIST SP 800-53 Rev. 5 AC-6 (5) Privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance NIST_SP_800-53_R5 AC-6(8) NIST_SP_800-53_R5_AC-6(8) NIST SP 800-53 Rev. 5 AC-6 (8) Privilege Levels for Code Execution NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance NIST_SP_800-53_R5 AC-7 NIST_SP_800-53_R5_AC-7 NIST SP 800-53 Rev. 5 AC-7 Unsuccessful Logon Attempts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R5 AT-1 NIST_SP_800-53_R5_AT-1 NIST SP 800-53 Rev. 5 AT-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R5 AT-1 NIST_SP_800-53_R5_AT-1 NIST SP 800-53 Rev. 5 AT-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance NIST_SP_800-53_R5 AT-2 NIST_SP_800-53_R5_AT-2 NIST SP 800-53 Rev. 5 AT-2 Literacy Training and Awareness NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance NIST_SP_800-53_R5 AT-2 NIST_SP_800-53_R5_AT-2 NIST SP 800-53 Rev. 5 AT-2 Literacy Training and Awareness NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance NIST_SP_800-53_R5 AT-2 NIST_SP_800-53_R5_AT-2 NIST SP 800-53 Rev. 5 AT-2 Literacy Training and Awareness NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance NIST_SP_800-53_R5 AT-2(2) NIST_SP_800-53_R5_AT-2(2) NIST SP 800-53 Rev. 5 AT-2 (2) Insider Threat NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance NIST_SP_800-53_R5 AT-3 NIST_SP_800-53_R5_AT-3 NIST SP 800-53 Rev. 5 AT-3 Role-based Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance NIST_SP_800-53_R5 AT-3 NIST_SP_800-53_R5_AT-3 NIST SP 800-53 Rev. 5 AT-3 Role-based Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance NIST_SP_800-53_R5 AT-3 NIST_SP_800-53_R5_AT-3 NIST SP 800-53 Rev. 5 AT-3 Role-based Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance NIST_SP_800-53_R5 AT-3(3) NIST_SP_800-53_R5_AT-3(3) NIST SP 800-53 Rev. 5 AT-3 (3) Practical Exercises NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance NIST_SP_800-53_R5 AT-4 NIST_SP_800-53_R5_AT-4 NIST SP 800-53 Rev. 5 AT-4 Training Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance NIST_SP_800-53_R5 AT-4 NIST_SP_800-53_R5_AT-4 NIST SP 800-53 Rev. 5 AT-4 Training Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R5 AT-4 NIST_SP_800-53_R5_AT-4 NIST SP 800-53 Rev. 5 AT-4 Training Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance NIST_SP_800-53_R5 AU-10 NIST_SP_800-53_R5_AU-10 NIST SP 800-53 Rev. 5 AU-10 Non-repudiation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources Regulatory Compliance NIST_SP_800-53_R5 AU-12(3) NIST_SP_800-53_R5_AU-12(3) NIST SP 800-53 Rev. 5 AU-12 (3) Changes by Authorized Individuals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 AU-2 NIST_SP_800-53_R5_AU-2 NIST SP 800-53 Rev. 5 AU-2 Event Logging NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 AU-3 NIST_SP_800-53_R5_AU-3 NIST SP 800-53 Rev. 5 AU-3 Content of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance NIST_SP_800-53_R5 AU-3(1) NIST_SP_800-53_R5_AU-3(1) NIST SP 800-53 Rev. 5 AU-3 (1) Additional Audit Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R5 AU-4 NIST_SP_800-53_R5_AU-4 NIST SP 800-53 Rev. 5 AU-4 Audit Log Storage Capacity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R5 AU-5 NIST_SP_800-53_R5_AU-5 NIST SP 800-53 Rev. 5 AU-5 Response to Audit Logging Process Failures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance NIST_SP_800-53_R5 AU-5(2) NIST_SP_800-53_R5_AU-5(2) NIST SP 800-53 Rev. 5 AU-5 (2) Real-time Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 AU-6(3) NIST_SP_800-53_R5_AU-6(3) NIST SP 800-53 Rev. 5 AU-6 (3) Correlate Audit Record Repositories NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 AU-6(3) NIST_SP_800-53_R5_AU-6(3) NIST SP 800-53 Rev. 5 AU-6 (3) Correlate Audit Record Repositories NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance NIST_SP_800-53_R5 AU-6(7) NIST_SP_800-53_R5_AU-6(7) NIST SP 800-53 Rev. 5 AU-6 (7) Permitted Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance NIST_SP_800-53_R5 AU-7 NIST_SP_800-53_R5_AU-7 NIST SP 800-53 Rev. 5 AU-7 Audit Record Reduction and Report Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance NIST_SP_800-53_R5 AU-7 NIST_SP_800-53_R5_AU-7 NIST SP 800-53 Rev. 5 AU-7 Audit Record Reduction and Report Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance NIST_SP_800-53_R5 AU-7(1) NIST_SP_800-53_R5_AU-7(1) NIST SP 800-53 Rev. 5 AU-7 (1) Automatic Processing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-53_R5 AU-8 NIST_SP_800-53_R5_AU-8 NIST SP 800-53 Rev. 5 AU-8 Time Stamps NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R5 AU-9 NIST_SP_800-53_R5_AU-9 NIST SP 800-53 Rev. 5 AU-9 Protection of Audit Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance NIST_SP_800-53_R5 AU-9 NIST_SP_800-53_R5_AU-9 NIST SP 800-53 Rev. 5 AU-9 Protection of Audit Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-9(2) NIST_SP_800-53_R5_AU-9(2) NIST SP 800-53 Rev. 5 AU-9 (2) Store on Separate Physical Systems or Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance NIST_SP_800-53_R5 AU-9(3) NIST_SP_800-53_R5_AU-9(3) NIST SP 800-53 Rev. 5 AU-9 (3) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R5 AU-9(4) NIST_SP_800-53_R5_AU-9(4) NIST SP 800-53 Rev. 5 AU-9 (4) Access by Subset of Privileged Users NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CA-1 NIST_SP_800-53_R5_CA-1 NIST SP 800-53 Rev. 5 CA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance NIST_SP_800-53_R5 CA-2(1) NIST_SP_800-53_R5_CA-2(1) NIST SP 800-53 Rev. 5 CA-2 (1) Independent Assessors NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance NIST_SP_800-53_R5 CA-2(2) NIST_SP_800-53_R5_CA-2(2) NIST SP 800-53 Rev. 5 CA-2 (2) Specialized Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance NIST_SP_800-53_R5 CA-2(3) NIST_SP_800-53_R5_CA-2(3) NIST SP 800-53 Rev. 5 CA-2 (3) Leveraging Results from External Organizations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance NIST_SP_800-53_R5 CA-3 NIST_SP_800-53_R5_CA-3 NIST SP 800-53 Rev. 5 CA-3 Information Exchange NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance NIST_SP_800-53_R5 CA-3 NIST_SP_800-53_R5_CA-3 NIST SP 800-53 Rev. 5 CA-3 Information Exchange NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance NIST_SP_800-53_R5 CA-5 NIST_SP_800-53_R5_CA-5 NIST SP 800-53 Rev. 5 CA-5 Plan of Action and Milestones NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance NIST_SP_800-53_R5 CA-5 NIST_SP_800-53_R5_CA-5 NIST SP 800-53 Rev. 5 CA-5 Plan of Action and Milestones NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance NIST_SP_800-53_R5 CA-6 NIST_SP_800-53_R5_CA-6 NIST SP 800-53 Rev. 5 CA-6 Authorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance NIST_SP_800-53_R5 CA-6 NIST_SP_800-53_R5_CA-6 NIST SP 800-53 Rev. 5 CA-6 Authorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance NIST_SP_800-53_R5 CA-6 NIST_SP_800-53_R5_CA-6 NIST SP 800-53 Rev. 5 CA-6 Authorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance NIST_SP_800-53_R5 CA-7(1) NIST_SP_800-53_R5_CA-7(1) NIST SP 800-53 Rev. 5 CA-7 (1) Independent Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance NIST_SP_800-53_R5 CA-7(3) NIST_SP_800-53_R5_CA-7(3) NIST SP 800-53 Rev. 5 CA-7 (3) Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance NIST_SP_800-53_R5 CA-8(1) NIST_SP_800-53_R5_CA-8(1) NIST SP 800-53 Rev. 5 CA-8 (1) Independent Penetration Testing Agent or Team NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance NIST_SP_800-53_R5 CA-9 NIST_SP_800-53_R5_CA-9 NIST SP 800-53 Rev. 5 CA-9 Internal System Connections NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CM-1 NIST_SP_800-53_R5_CM-1 NIST SP 800-53 Rev. 5 CM-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance NIST_SP_800-53_R5 CM-10(1) NIST_SP_800-53_R5_CM-10(1) NIST SP 800-53 Rev. 5 CM-10 (1) Open-source Software NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance NIST_SP_800-53_R5 CM-2(3) NIST_SP_800-53_R5_CM-2(3) NIST SP 800-53 Rev. 5 CM-2 (3) Retention of Previous Configurations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance NIST_SP_800-53_R5 CM-2(7) NIST_SP_800-53_R5_CM-2(7) NIST SP 800-53 Rev. 5 CM-2 (7) Configure Systems and Components for High-risk Areas NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance NIST_SP_800-53_R5 CM-2(7) NIST_SP_800-53_R5_CM-2(7) NIST SP 800-53 Rev. 5 CM-2 (7) Configure Systems and Components for High-risk Areas NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-3(2) NIST_SP_800-53_R5_CM-3(2) NIST SP 800-53 Rev. 5 CM-3 (2) Testing, Validation, and Documentation of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-3(2) NIST_SP_800-53_R5_CM-3(2) NIST SP 800-53 Rev. 5 CM-3 (2) Testing, Validation, and Documentation of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-3(2) NIST_SP_800-53_R5_CM-3(2) NIST SP 800-53 Rev. 5 CM-3 (2) Testing, Validation, and Documentation of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance NIST_SP_800-53_R5 CM-3(4) NIST_SP_800-53_R5_CM-3(4) NIST SP 800-53 Rev. 5 CM-3 (4) Security and Privacy Representatives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance NIST_SP_800-53_R5 CM-3(6) NIST_SP_800-53_R5_CM-3(6) NIST SP 800-53 Rev. 5 CM-3 (6) Cryptography Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-5 NIST_SP_800-53_R5_CM-5 NIST SP 800-53 Rev. 5 CM-5 Access Restrictions for Change NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance NIST_SP_800-53_R5 CM-5(1) NIST_SP_800-53_R5_CM-5(1) NIST SP 800-53 Rev. 5 CM-5 (1) Automated Access Enforcement and Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance NIST_SP_800-53_R5 CM-5(5) NIST_SP_800-53_R5_CM-5(5) NIST SP 800-53 Rev. 5 CM-5 (5) Privilege Limitation for Production and Operation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance NIST_SP_800-53_R5 CM-5(5) NIST_SP_800-53_R5_CM-5(5) NIST SP 800-53 Rev. 5 CM-5 (5) Privilege Limitation for Production and Operation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Automated Management, Application, and Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Automated Management, Application, and Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Automated Management, Application, and Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 CM-7 NIST_SP_800-53_R5_CM-7 NIST SP 800-53 Rev. 5 CM-7 Least Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8 NIST_SP_800-53_R5_CM-8 NIST SP 800-53 Rev. 5 CM-8 System Component Inventory NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R5 CM-8 NIST_SP_800-53_R5_CM-8 NIST SP 800-53 Rev. 5 CM-8 System Component Inventory NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8(1) NIST_SP_800-53_R5_CM-8(1) NIST SP 800-53 Rev. 5 CM-8 (1) Updates During Installation and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R5 CM-8(1) NIST_SP_800-53_R5_CM-8(1) NIST SP 800-53 Rev. 5 CM-8 (1) Updates During Installation and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R5 CM-8(3) NIST_SP_800-53_R5_CM-8(3) NIST SP 800-53 Rev. 5 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance NIST_SP_800-53_R5 CM-8(3) NIST_SP_800-53_R5_CM-8(3) NIST SP 800-53 Rev. 5 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8(4) NIST_SP_800-53_R5_CM-8(4) NIST SP 800-53 Rev. 5 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8(4) NIST_SP_800-53_R5_CM-8(4) NIST SP 800-53 Rev. 5 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-1 NIST_SP_800-53_R5_CP-1 NIST SP 800-53 Rev. 5 CP-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance NIST_SP_800-53_R5 CP-10 NIST_SP_800-53_R5_CP-10 NIST SP 800-53 Rev. 5 CP-10 System Recovery and Reconstitution NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance NIST_SP_800-53_R5 CP-10(2) NIST_SP_800-53_R5_CP-10(2) NIST SP 800-53 Rev. 5 CP-10 (2) Transaction Recovery NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance NIST_SP_800-53_R5 CP-10(4) NIST_SP_800-53_R5_CP-10(4) NIST SP 800-53 Rev. 5 CP-10 (4) Restore Within Time Period NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 CP-2(1) NIST_SP_800-53_R5_CP-2(1) NIST SP 800-53 Rev. 5 CP-2 (1) Coordinate with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance NIST_SP_800-53_R5 CP-2(2) NIST_SP_800-53_R5_CP-2(2) NIST SP 800-53 Rev. 5 CP-2 (2) Capacity Planning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance NIST_SP_800-53_R5 CP-2(3) NIST_SP_800-53_R5_CP-2(3) NIST SP 800-53 Rev. 5 CP-2 (3) Resume Mission and Business Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance NIST_SP_800-53_R5 CP-2(5) NIST_SP_800-53_R5_CP-2(5) NIST SP 800-53 Rev. 5 CP-2 (5) Continue Mission and Business Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance NIST_SP_800-53_R5 CP-2(8) NIST_SP_800-53_R5_CP-2(8) NIST SP 800-53 Rev. 5 CP-2 (8) Identify Critical Assets NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance NIST_SP_800-53_R5 CP-3 NIST_SP_800-53_R5_CP-3 NIST SP 800-53 Rev. 5 CP-3 Contingency Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance NIST_SP_800-53_R5 CP-3(1) NIST_SP_800-53_R5_CP-3(1) NIST SP 800-53 Rev. 5 CP-3 (1) Simulated Events NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance NIST_SP_800-53_R5 CP-4 NIST_SP_800-53_R5_CP-4 NIST SP 800-53 Rev. 5 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R5 CP-4 NIST_SP_800-53_R5_CP-4 NIST SP 800-53 Rev. 5 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance NIST_SP_800-53_R5 CP-4 NIST_SP_800-53_R5_CP-4 NIST SP 800-53 Rev. 5 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 CP-4(1) NIST_SP_800-53_R5_CP-4(1) NIST SP 800-53 Rev. 5 CP-4 (1) Coordinate with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities Regulatory Compliance NIST_SP_800-53_R5 CP-4(2) NIST_SP_800-53_R5_CP-4(2) NIST SP 800-53 Rev. 5 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance NIST_SP_800-53_R5 CP-4(2) NIST_SP_800-53_R5_CP-4(2) NIST SP 800-53 Rev. 5 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance NIST_SP_800-53_R5 CP-6(2) NIST_SP_800-53_R5_CP-6(2) NIST SP 800-53 Rev. 5 CP-6 (2) Recovery Time and Recovery Point Objectives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance NIST_SP_800-53_R5 CP-6(3) NIST_SP_800-53_R5_CP-6(3) NIST SP 800-53 Rev. 5 CP-6 (3) Accessibility NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-53_R5 CP-7 NIST_SP_800-53_R5_CP-7 NIST SP 800-53 Rev. 5 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7 NIST_SP_800-53_R5_CP-7 NIST SP 800-53 Rev. 5 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7(1) NIST_SP_800-53_R5_CP-7(1) NIST SP 800-53 Rev. 5 CP-7 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7(2) NIST_SP_800-53_R5_CP-7(2) NIST SP 800-53 Rev. 5 CP-7 (2) Accessibility NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7(3) NIST_SP_800-53_R5_CP-7(3) NIST SP 800-53 Rev. 5 CP-7 (3) Priority of Service NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R5 CP-7(3) NIST_SP_800-53_R5_CP-7(3) NIST SP 800-53 Rev. 5 CP-7 (3) Priority of Service NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance NIST_SP_800-53_R5 CP-7(4) NIST_SP_800-53_R5_CP-7(4) NIST SP 800-53 Rev. 5 CP-7 (4) Preparation for Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R5 CP-8(1) NIST_SP_800-53_R5_CP-8(1) NIST SP 800-53 Rev. 5 CP-8 (1) Priority of Service Provisions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance NIST_SP_800-53_R5 CP-9(3) NIST_SP_800-53_R5_CP-9(3) NIST SP 800-53 Rev. 5 CP-9 (3) Separate Storage for Critical Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance NIST_SP_800-53_R5 CP-9(5) NIST_SP_800-53_R5_CP-9(5) NIST SP 800-53 Rev. 5 CP-9 (5) Transfer to Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance NIST_SP_800-53_R5 IA-1 NIST_SP_800-53_R5_IA-1 NIST SP 800-53 Rev. 5 IA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R5 IA-2(1) NIST_SP_800-53_R5_IA-2(1) NIST SP 800-53 Rev. 5 IA-2 (1) Multi-factor Authentication to Privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R5 IA-2(12) NIST_SP_800-53_R5_IA-2(12) NIST SP 800-53 Rev. 5 IA-2 (12) Acceptance of PIV Credentials NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R5 IA-2(2) NIST_SP_800-53_R5_IA-2(2) NIST SP 800-53 Rev. 5 IA-2 (2) Multi-factor Authentication to Non-privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-2(5) NIST_SP_800-53_R5_IA-2(5) NIST SP 800-53 Rev. 5 IA-2 (5) Individual Authentication with Group Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance NIST_SP_800-53_R5 IA-4(4) NIST_SP_800-53_R5_IA-4(4) NIST SP 800-53 Rev. 5 IA-4 (4) Identify User Status NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(13) NIST_SP_800-53_R5_IA-5(13) NIST SP 800-53 Rev. 5 IA-5 (13) Expiration of Cached Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(6) NIST_SP_800-53_R5_IA-5(6) NIST SP 800-53 Rev. 5 IA-5 (6) Protection of Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(7) NIST_SP_800-53_R5_IA-5(7) NIST SP 800-53 Rev. 5 IA-5 (7) No Embedded Unencrypted Static Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance NIST_SP_800-53_R5 IA-6 NIST_SP_800-53_R5_IA-6 NIST SP 800-53 Rev. 5 IA-6 Authentication Feedback NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance NIST_SP_800-53_R5 IA-7 NIST_SP_800-53_R5_IA-7 NIST SP 800-53 Rev. 5 IA-7 Cryptographic Module Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance NIST_SP_800-53_R5 IA-8 NIST_SP_800-53_R5_IA-8 NIST SP 800-53 Rev. 5 IA-8 Identification and Authentication (non-organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance NIST_SP_800-53_R5 IA-8(1) NIST_SP_800-53_R5_IA-8(1) NIST SP 800-53 Rev. 5 IA-8 (1) Acceptance of PIV Credentials from Other Agencies NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance NIST_SP_800-53_R5 IA-8(2) NIST_SP_800-53_R5_IA-8(2) NIST SP 800-53 Rev. 5 IA-8 (2) Acceptance of External Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance NIST_SP_800-53_R5 IA-8(4) NIST_SP_800-53_R5_IA-8(4) NIST SP 800-53 Rev. 5 IA-8 (4) Use of Defined Profiles NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance NIST_SP_800-53_R5 IR-1 NIST_SP_800-53_R5_IR-1 NIST SP 800-53 Rev. 5 IR-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R5 IR-2 NIST_SP_800-53_R5_IR-2 NIST SP 800-53 Rev. 5 IR-2 Incident Response Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance NIST_SP_800-53_R5 IR-2(1) NIST_SP_800-53_R5_IR-2(1) NIST SP 800-53 Rev. 5 IR-2 (1) Simulated Events NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance NIST_SP_800-53_R5 IR-2(2) NIST_SP_800-53_R5_IR-2(2) NIST SP 800-53 Rev. 5 IR-2 (2) Automated Training Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R5 IR-3 NIST_SP_800-53_R5_IR-3 NIST SP 800-53 Rev. 5 IR-3 Incident Response Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R5 IR-3 NIST_SP_800-53_R5_IR-3 NIST SP 800-53 Rev. 5 IR-3 Incident Response Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R5 IR-3 NIST_SP_800-53_R5_IR-3 NIST SP 800-53 Rev. 5 IR-3 Incident Response Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R5 IR-3(2) NIST_SP_800-53_R5_IR-3(2) NIST SP 800-53 Rev. 5 IR-3 (2) Coordination with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R5 IR-3(2) NIST_SP_800-53_R5_IR-3(2) NIST SP 800-53 Rev. 5 IR-3 (2) Coordination with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R5 IR-3(2) NIST_SP_800-53_R5_IR-3(2) NIST SP 800-53 Rev. 5 IR-3 (2) Coordination with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-4(1) NIST_SP_800-53_R5_IR-4(1) NIST SP 800-53 Rev. 5 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R5 IR-4(1) NIST_SP_800-53_R5_IR-4(1) NIST SP 800-53 Rev. 5 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-4(1) NIST_SP_800-53_R5_IR-4(1) NIST SP 800-53 Rev. 5 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance NIST_SP_800-53_R5 IR-4(2) NIST_SP_800-53_R5_IR-4(2) NIST SP 800-53 Rev. 5 IR-4 (2) Dynamic Reconfiguration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance NIST_SP_800-53_R5 IR-4(3) NIST_SP_800-53_R5_IR-4(3) NIST SP 800-53 Rev. 5 IR-4 (3) Continuity of Operations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-4(4) NIST_SP_800-53_R5_IR-4(4) NIST SP 800-53 Rev. 5 IR-4 (4) Information Correlation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance NIST_SP_800-53_R5 IR-4(6) NIST_SP_800-53_R5_IR-4(6) NIST SP 800-53 Rev. 5 IR-4 (6) Insider Threats NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance NIST_SP_800-53_R5 IR-4(8) NIST_SP_800-53_R5_IR-4(8) NIST SP 800-53 Rev. 5 IR-4 (8) Correlation with External Organizations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R5 IR-6(1) NIST_SP_800-53_R5_IR-6(1) NIST SP 800-53 Rev. 5 IR-6 (1) Automated Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-6(2) NIST_SP_800-53_R5_IR-6(2) NIST SP 800-53 Rev. 5 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 IR-6(2) NIST_SP_800-53_R5_IR-6(2) NIST SP 800-53 Rev. 5 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-6(2) NIST_SP_800-53_R5_IR-6(2) NIST SP 800-53 Rev. 5 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R5 IR-7 NIST_SP_800-53_R5_IR-7 NIST SP 800-53 Rev. 5 IR-7 Incident Response Assistance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance NIST_SP_800-53_R5 IR-7(2) NIST_SP_800-53_R5_IR-7(2) NIST SP 800-53 Rev. 5 IR-7 (2) Coordination with External Providers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance NIST_SP_800-53_R5 IR-7(2) NIST_SP_800-53_R5_IR-7(2) NIST SP 800-53 Rev. 5 IR-7 (2) Coordination with External Providers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R5 IR-9(2) NIST_SP_800-53_R5_IR-9(2) NIST SP 800-53 Rev. 5 IR-9 (2) Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance NIST_SP_800-53_R5 IR-9(3) NIST_SP_800-53_R5_IR-9(3) NIST SP 800-53 Rev. 5 IR-9 (3) Post-spill Operations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R5 IR-9(4) NIST_SP_800-53_R5_IR-9(4) NIST SP 800-53 Rev. 5 IR-9 (4) Exposure to Unauthorized Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance NIST_SP_800-53_R5 MA-1 NIST_SP_800-53_R5_MA-1 NIST SP 800-53 Rev. 5 MA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance NIST_SP_800-53_R5 MA-2(2) NIST_SP_800-53_R5_MA-2(2) NIST SP 800-53 Rev. 5 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance NIST_SP_800-53_R5 MA-2(2) NIST_SP_800-53_R5_MA-2(2) NIST SP 800-53 Rev. 5 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3 NIST_SP_800-53_R5_MA-3 NIST SP 800-53 Rev. 5 MA-3 Maintenance Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3 NIST_SP_800-53_R5_MA-3 NIST SP 800-53 Rev. 5 MA-3 Maintenance Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(1) NIST_SP_800-53_R5_MA-3(1) NIST SP 800-53 Rev. 5 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(1) NIST_SP_800-53_R5_MA-3(1) NIST SP 800-53 Rev. 5 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(2) NIST_SP_800-53_R5_MA-3(2) NIST SP 800-53 Rev. 5 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(2) NIST_SP_800-53_R5_MA-3(2) NIST SP 800-53 Rev. 5 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-4 NIST_SP_800-53_R5_MA-4 NIST SP 800-53 Rev. 5 MA-4 Nonlocal Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance NIST_SP_800-53_R5 MA-4(3) NIST_SP_800-53_R5_MA-4(3) NIST SP 800-53 Rev. 5 MA-4 (3) Comparable Security and Sanitization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance NIST_SP_800-53_R5 MA-4(6) NIST_SP_800-53_R5_MA-4(6) NIST SP 800-53 Rev. 5 MA-4 (6) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance NIST_SP_800-53_R5 MA-5 NIST_SP_800-53_R5_MA-5 NIST SP 800-53 Rev. 5 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance NIST_SP_800-53_R5 MA-5 NIST_SP_800-53_R5_MA-5 NIST SP 800-53 Rev. 5 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance NIST_SP_800-53_R5 MA-5 NIST_SP_800-53_R5_MA-5 NIST SP 800-53 Rev. 5 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MA-5(1) NIST_SP_800-53_R5_MA-5(1) NIST SP 800-53 Rev. 5 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MA-5(1) NIST_SP_800-53_R5_MA-5(1) NIST SP 800-53 Rev. 5 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance NIST_SP_800-53_R5 MA-6 NIST_SP_800-53_R5_MA-6 NIST SP 800-53 Rev. 5 MA-6 Timely Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance NIST_SP_800-53_R5 MP-1 NIST_SP_800-53_R5_MP-1 NIST SP 800-53 Rev. 5 MP-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-2 NIST_SP_800-53_R5_MP-2 NIST SP 800-53 Rev. 5 MP-2 Media Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-3 NIST_SP_800-53_R5_MP-3 NIST SP 800-53 Rev. 5 MP-3 Media Marking NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-4 NIST_SP_800-53_R5_MP-4 NIST SP 800-53 Rev. 5 MP-4 Media Storage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-4 NIST_SP_800-53_R5_MP-4 NIST SP 800-53 Rev. 5 MP-4 Media Storage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-5 NIST_SP_800-53_R5_MP-5 NIST SP 800-53 Rev. 5 MP-5 Media Transport NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R5 MP-5 NIST_SP_800-53_R5_MP-5 NIST SP 800-53 Rev. 5 MP-5 Media Transport NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-6 NIST_SP_800-53_R5_MP-6 NIST SP 800-53 Rev. 5 MP-6 Media Sanitization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-6 NIST_SP_800-53_R5_MP-6 NIST SP 800-53 Rev. 5 MP-6 Media Sanitization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-6(1) NIST_SP_800-53_R5_MP-6(1) NIST SP 800-53 Rev. 5 MP-6 (1) Review, Approve, Track, Document, and Verify NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-6(1) NIST_SP_800-53_R5_MP-6(1) NIST SP 800-53 Rev. 5 MP-6 (1) Review, Approve, Track, Document, and Verify NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-6(2) NIST_SP_800-53_R5_MP-6(2) NIST SP 800-53 Rev. 5 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-6(2) NIST_SP_800-53_R5_MP-6(2) NIST SP 800-53 Rev. 5 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PE-1 NIST_SP_800-53_R5_PE-1 NIST SP 800-53 Rev. 5 PE-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance NIST_SP_800-53_R5 PE-12 NIST_SP_800-53_R5_PE-12 NIST SP 800-53 Rev. 5 PE-12 Emergency Lighting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-13 NIST_SP_800-53_R5_PE-13 NIST SP 800-53 Rev. 5 PE-13 Fire Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R5 PE-13(1) NIST_SP_800-53_R5_PE-13(1) NIST SP 800-53 Rev. 5 PE-13 (1) Detection Systems ??? Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance NIST_SP_800-53_R5 PE-13(1) NIST_SP_800-53_R5_PE-13(1) NIST SP 800-53 Rev. 5 PE-13 (1) Detection Systems ??? Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-13(1) NIST_SP_800-53_R5_PE-13(1) NIST SP 800-53 Rev. 5 PE-13 (1) Detection Systems ??? Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-13(2) NIST_SP_800-53_R5_PE-13(2) NIST SP 800-53 Rev. 5 PE-13 (2) Suppression Systems ??? Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-14 NIST_SP_800-53_R5_PE-14 NIST SP 800-53 Rev. 5 PE-14 Environmental Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-14(2) NIST_SP_800-53_R5_PE-14(2) NIST SP 800-53 Rev. 5 PE-14 (2) Monitoring with Alarms and Notifications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R5 PE-14(2) NIST_SP_800-53_R5_PE-14(2) NIST SP 800-53 Rev. 5 PE-14 (2) Monitoring with Alarms and Notifications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-15 NIST_SP_800-53_R5_PE-15 NIST SP 800-53 Rev. 5 PE-15 Water Damage Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance NIST_SP_800-53_R5 PE-16 NIST_SP_800-53_R5_PE-16 NIST SP 800-53 Rev. 5 PE-16 Delivery and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R5 PE-16 NIST_SP_800-53_R5_PE-16 NIST SP 800-53 Rev. 5 PE-16 Delivery and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R5 PE-17 NIST_SP_800-53_R5_PE-17 NIST SP 800-53 Rev. 5 PE-17 Alternate Work Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-18 NIST_SP_800-53_R5_PE-18 NIST SP 800-53 Rev. 5 PE-18 Location of System Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-2 NIST_SP_800-53_R5_PE-2 NIST SP 800-53 Rev. 5 PE-2 Physical Access Authorizations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-4 NIST_SP_800-53_R5_PE-4 NIST SP 800-53 Rev. 5 PE-4 Access Control for Transmission NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-4 NIST_SP_800-53_R5_PE-4 NIST SP 800-53 Rev. 5 PE-4 Access Control for Transmission NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R5 PE-5 NIST_SP_800-53_R5_PE-5 NIST SP 800-53 Rev. 5 PE-5 Access Control for Output Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-5 NIST_SP_800-53_R5_PE-5 NIST SP 800-53 Rev. 5 PE-5 Access Control for Output Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-5 NIST_SP_800-53_R5_PE-5 NIST SP 800-53 Rev. 5 PE-5 Access Control for Output Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance NIST_SP_800-53_R5 PE-6(1) NIST_SP_800-53_R5_PE-6(1) NIST SP 800-53 Rev. 5 PE-6 (1) Intrusion Alarms and Surveillance Equipment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R5 PE-6(1) NIST_SP_800-53_R5_PE-6(1) NIST SP 800-53 Rev. 5 PE-6 (1) Intrusion Alarms and Surveillance Equipment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-8 NIST_SP_800-53_R5_PE-8 NIST SP 800-53 Rev. 5 PE-8 Visitor Access Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-8 NIST_SP_800-53_R5_PE-8 NIST SP 800-53 Rev. 5 PE-8 Visitor Access Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-1 NIST_SP_800-53_R5_PL-1 NIST SP 800-53 Rev. 5 PL-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-4(1) NIST_SP_800-53_R5_PL-4(1) NIST SP 800-53 Rev. 5 PL-4 (1) Social Media and External Site/application Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance NIST_SP_800-53_R5 PL-8 NIST_SP_800-53_R5_PL-8 NIST SP 800-53 Rev. 5 PL-8 Security and Privacy Architectures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance NIST_SP_800-53_R5 PL-8 NIST_SP_800-53_R5_PL-8 NIST SP 800-53 Rev. 5 PL-8 Security and Privacy Architectures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PS-1 NIST_SP_800-53_R5_PS-1 NIST SP 800-53 Rev. 5 PS-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance NIST_SP_800-53_R5 PS-2 NIST_SP_800-53_R5_PS-2 NIST SP 800-53 Rev. 5 PS-2 Position Risk Designation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance NIST_SP_800-53_R5 PS-3 NIST_SP_800-53_R5_PS-3 NIST SP 800-53 Rev. 5 PS-3 Personnel Screening NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance NIST_SP_800-53_R5 PS-3 NIST_SP_800-53_R5_PS-3 NIST SP 800-53 Rev. 5 PS-3 Personnel Screening NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance NIST_SP_800-53_R5 PS-3 NIST_SP_800-53_R5_PS-3 NIST SP 800-53 Rev. 5 PS-3 Personnel Screening NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R5 PS-3(3) NIST_SP_800-53_R5_PS-3(3) NIST SP 800-53 Rev. 5 PS-3 (3) Information Requiring Special Protective Measures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination Regulatory Compliance NIST_SP_800-53_R5 PS-4(2) NIST_SP_800-53_R5_PS-4(2) NIST SP 800-53 Rev. 5 PS-4 (2) Automated Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance NIST_SP_800-53_R5 PS-8 NIST_SP_800-53_R5_PS-8 NIST SP 800-53 Rev. 5 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance NIST_SP_800-53_R5 PS-8 NIST_SP_800-53_R5_PS-8 NIST SP 800-53 Rev. 5 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance NIST_SP_800-53_R5 RA-1 NIST_SP_800-53_R5_RA-1 NIST SP 800-53 Rev. 5 RA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance NIST_SP_800-53_R5 RA-5(10) NIST_SP_800-53_R5_RA-5(10) NIST SP 800-53 Rev. 5 RA-5 (10) Correlate Scanning Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5(2) NIST_SP_800-53_R5_RA-5(2) NIST SP 800-53 Rev. 5 RA-5 (2) Update Vulnerabilities to Be Scanned NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5(2) NIST_SP_800-53_R5_RA-5(2) NIST SP 800-53 Rev. 5 RA-5 (2) Update Vulnerabilities to Be Scanned NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5(3) NIST_SP_800-53_R5_RA-5(3) NIST SP 800-53 Rev. 5 RA-5 (3) Breadth and Depth of Coverage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5(3) NIST_SP_800-53_R5_RA-5(3) NIST SP 800-53 Rev. 5 RA-5 (3) Breadth and Depth of Coverage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information Regulatory Compliance NIST_SP_800-53_R5 RA-5(4) NIST_SP_800-53_R5_RA-5(4) NIST SP 800-53 Rev. 5 RA-5 (4) Discoverable Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance NIST_SP_800-53_R5 RA-5(5) NIST_SP_800-53_R5_RA-5(5) NIST SP 800-53 Rev. 5 RA-5 (5) Privileged Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance NIST_SP_800-53_R5 SA-1 NIST_SP_800-53_R5_SA-1 NIST SP 800-53 Rev. 5 SA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SA-10(1) NIST_SP_800-53_R5_SA-10(1) NIST SP 800-53 Rev. 5 SA-10 (1) Software and Firmware Integrity Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SA-11 NIST_SP_800-53_R5_SA-11 NIST SP 800-53 Rev. 5 SA-11 Developer Testing and Evaluation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 SA-11 NIST_SP_800-53_R5_SA-11 NIST SP 800-53 Rev. 5 SA-11 Developer Testing and Evaluation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance NIST_SP_800-53_R5 SA-11 NIST_SP_800-53_R5_SA-11 NIST SP 800-53 Rev. 5 SA-11 Developer Testing and Evaluation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance NIST_SP_800-53_R5 SA-15 NIST_SP_800-53_R5_SA-15 NIST SP 800-53 Rev. 5 SA-15 Development Process, Standards, and Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance NIST_SP_800-53_R5 SA-16 NIST_SP_800-53_R5_SA-16 NIST SP 800-53 Rev. 5 SA-16 Developer-provided Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance NIST_SP_800-53_R5 SA-17 NIST_SP_800-53_R5_SA-17 NIST SP 800-53 Rev. 5 SA-17 Developer Security and Privacy Architecture and Design NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance NIST_SP_800-53_R5 SA-17 NIST_SP_800-53_R5_SA-17 NIST SP 800-53 Rev. 5 SA-17 Developer Security and Privacy Architecture and Design NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance NIST_SP_800-53_R5 SA-17 NIST_SP_800-53_R5_SA-17 NIST SP 800-53 Rev. 5 SA-17 Developer Security and Privacy Architecture and Design NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R5 SA-3 NIST_SP_800-53_R5_SA-3 NIST SP 800-53 Rev. 5 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance NIST_SP_800-53_R5 SA-3 NIST_SP_800-53_R5_SA-3 NIST SP 800-53 Rev. 5 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R5 SA-3 NIST_SP_800-53_R5_SA-3 NIST SP 800-53 Rev. 5 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance NIST_SP_800-53_R5 SA-4(1) NIST_SP_800-53_R5_SA-4(1) NIST SP 800-53 Rev. 5 SA-4 (1) Functional Properties of Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance NIST_SP_800-53_R5 SA-4(10) NIST_SP_800-53_R5_SA-4(10) NIST SP 800-53 Rev. 5 SA-4 (10) Use of Approved PIV Products NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance NIST_SP_800-53_R5 SA-4(2) NIST_SP_800-53_R5_SA-4(2) NIST SP 800-53 Rev. 5 SA-4 (2) Design and Implementation Information for Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance NIST_SP_800-53_R5 SA-4(8) NIST_SP_800-53_R5_SA-4(8) NIST SP 800-53 Rev. 5 SA-4 (8) Continuous Monitoring Plan for Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance NIST_SP_800-53_R5 SA-4(9) NIST_SP_800-53_R5_SA-4(9) NIST SP 800-53 Rev. 5 SA-4 (9) Functions, Ports, Protocols, and Services in Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R5 SA-9(1) NIST_SP_800-53_R5_SA-9(1) NIST SP 800-53 Rev. 5 SA-9 (1) Risk Assessments and Organizational Approvals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance NIST_SP_800-53_R5 SA-9(1) NIST_SP_800-53_R5_SA-9(1) NIST SP 800-53 Rev. 5 SA-9 (1) Risk Assessments and Organizational Approvals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance NIST_SP_800-53_R5 SA-9(2) NIST_SP_800-53_R5_SA-9(2) NIST SP 800-53 Rev. 5 SA-9 (2) Identification of Functions, Ports, Protocols, and Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance NIST_SP_800-53_R5 SA-9(4) NIST_SP_800-53_R5_SA-9(4) NIST SP 800-53 Rev. 5 SA-9 (4) Consistent Interests of Consumers and Providers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance NIST_SP_800-53_R5 SA-9(5) NIST_SP_800-53_R5_SA-9(5) NIST SP 800-53 Rev. 5 SA-9 (5) Processing, Storage, and Service Location NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance NIST_SP_800-53_R5 SC-1 NIST_SP_800-53_R5_SC-1 NIST SP 800-53 Rev. 5 SC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance NIST_SP_800-53_R5 SC-10 NIST_SP_800-53_R5_SC-10 NIST SP 800-53 Rev. 5 SC-10 Network Disconnect NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance NIST_SP_800-53_R5 SC-12(1) NIST_SP_800-53_R5_SC-12(1) NIST SP 800-53 Rev. 5 SC-12 (1) Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R5 SC-12(2) NIST_SP_800-53_R5_SC-12(2) NIST SP 800-53 Rev. 5 SC-12 (2) Symmetric Keys NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R5 SC-12(3) NIST_SP_800-53_R5_SC-12(3) NIST SP 800-53 Rev. 5 SC-12 (3) Asymmetric Keys NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R5 SC-13 NIST_SP_800-53_R5_SC-13 NIST SP 800-53 Rev. 5 SC-13 Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R5 SC-15 NIST_SP_800-53_R5_SC-15 NIST SP 800-53 Rev. 5 SC-15 Collaborative Computing Devices and Applications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R5 SC-15 NIST_SP_800-53_R5_SC-15 NIST SP 800-53 Rev. 5 SC-15 Collaborative Computing Devices and Applications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R5 SC-17 NIST_SP_800-53_R5_SC-17 NIST SP 800-53 Rev. 5 SC-17 Public Key Infrastructure Certificates NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-53_R5 SC-18 NIST_SP_800-53_R5_SC-18 NIST SP 800-53 Rev. 5 SC-18 Mobile Code NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance NIST_SP_800-53_R5 SC-18 NIST_SP_800-53_R5_SC-18 NIST SP 800-53 Rev. 5 SC-18 Mobile Code NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance NIST_SP_800-53_R5 SC-18 NIST_SP_800-53_R5_SC-18 NIST SP 800-53 Rev. 5 SC-18 Mobile Code NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance NIST_SP_800-53_R5 SC-2 NIST_SP_800-53_R5_SC-2 NIST SP 800-53 Rev. 5 SC-2 Separation of System and User Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R5 SC-2 NIST_SP_800-53_R5_SC-2 NIST SP 800-53 Rev. 5 SC-2 Separation of System and User Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance NIST_SP_800-53_R5 SC-2 NIST_SP_800-53_R5_SC-2 NIST SP 800-53 Rev. 5 SC-2 Separation of System and User Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R5 SC-20 NIST_SP_800-53_R5_SC-20 NIST SP 800-53 Rev. 5 SC-20 Secure Name/address Resolution Service (authoritative Source) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance NIST_SP_800-53_R5 SC-20 NIST_SP_800-53_R5_SC-20 NIST SP 800-53 Rev. 5 SC-20 Secure Name/address Resolution Service (authoritative Source) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SC-21 NIST_SP_800-53_R5_SC-21 NIST SP 800-53 Rev. 5 SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R5 SC-21 NIST_SP_800-53_R5_SC-21 NIST SP 800-53 Rev. 5 SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R5 SC-22 NIST_SP_800-53_R5_SC-22 NIST SP 800-53 Rev. 5 SC-22 Architecture and Provisioning for Name/address Resolution Service NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R5 SC-23 NIST_SP_800-53_R5_SC-23 NIST SP 800-53 Rev. 5 SC-23 Session Authenticity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance NIST_SP_800-53_R5 SC-23 NIST_SP_800-53_R5_SC-23 NIST SP 800-53 Rev. 5 SC-23 Session Authenticity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout Regulatory Compliance NIST_SP_800-53_R5 SC-23(1) NIST_SP_800-53_R5_SC-23(1) NIST SP 800-53 Rev. 5 SC-23 (1) Invalidate Session Identifiers at Logout NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance NIST_SP_800-53_R5 SC-24 NIST_SP_800-53_R5_SC-24 NIST SP 800-53 Rev. 5 SC-24 Fail in Known State NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SC-3 NIST_SP_800-53_R5_SC-3 NIST SP 800-53 Rev. 5 SC-3 Security Function Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R5 SC-3 NIST_SP_800-53_R5_SC-3 NIST SP 800-53 Rev. 5 SC-3 Security Function Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance NIST_SP_800-53_R5 SC-39 NIST_SP_800-53_R5_SC-39 NIST SP 800-53 Rev. 5 SC-39 Process Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R5 SC-6 NIST_SP_800-53_R5_SC-6 NIST SP 800-53 Rev. 5 SC-6 Resource Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance NIST_SP_800-53_R5 SC-6 NIST_SP_800-53_R5_SC-6 NIST SP 800-53 Rev. 5 SC-6 Resource Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R5 SC-6 NIST_SP_800-53_R5_SC-6 NIST SP 800-53 Rev. 5 SC-6 Resource Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7(12) NIST_SP_800-53_R5_SC-7(12) NIST SP 800-53 Rev. 5 SC-7 (12) Host-based Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance NIST_SP_800-53_R5 SC-7(13) NIST_SP_800-53_R5_SC-7(13) NIST SP 800-53 Rev. 5 SC-7 (13) Isolation of Security Tools, Mechanisms, and Support Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7(18) NIST_SP_800-53_R5_SC-7(18) NIST SP 800-53 Rev. 5 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance NIST_SP_800-53_R5 SC-7(18) NIST_SP_800-53_R5_SC-7(18) NIST SP 800-53 Rev. 5 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance NIST_SP_800-53_R5 SC-7(20) NIST_SP_800-53_R5_SC-7(20) NIST SP 800-53 Rev. 5 SC-7 (20) Dynamic Isolation and Segregation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance NIST_SP_800-53_R5 SC-7(21) NIST_SP_800-53_R5_SC-7(21) NIST SP 800-53 Rev. 5 SC-7 (21) Isolation of System Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7(4) NIST_SP_800-53_R5_SC-7(4) NIST SP 800-53 Rev. 5 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance NIST_SP_800-53_R5 SC-7(4) NIST_SP_800-53_R5_SC-7(4) NIST SP 800-53 Rev. 5 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance NIST_SP_800-53_R5 SC-7(4) NIST_SP_800-53_R5_SC-7(4) NIST SP 800-53 Rev. 5 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance NIST_SP_800-53_R5 SC-7(7) NIST_SP_800-53_R5_SC-7(7) NIST SP 800-53 Rev. 5 SC-7 (7) Split Tunneling for Remote Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance NIST_SP_800-53_R5 SC-7(8) NIST_SP_800-53_R5_SC-7(8) NIST SP 800-53 Rev. 5 SC-7 (8) Route Traffic to Authenticated Proxy Servers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance NIST_SP_800-53_R5 SI-1 NIST_SP_800-53_R5_SI-1 NIST SP 800-53 Rev. 5 SI-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance NIST_SP_800-53_R5 SI-10 NIST_SP_800-53_R5_SI-10 NIST SP 800-53 Rev. 5 SI-10 Information Input Validation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance NIST_SP_800-53_R5 SI-11 NIST_SP_800-53_R5_SI-11 NIST SP 800-53 Rev. 5 SI-11 Error Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance NIST_SP_800-53_R5 SI-11 NIST_SP_800-53_R5_SI-11 NIST SP 800-53 Rev. 5 SI-11 Error Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 SI-12 NIST_SP_800-53_R5_SI-12 NIST SP 800-53 Rev. 5 SI-12 Information Management and Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R5 SI-12 NIST_SP_800-53_R5_SI-12 NIST SP 800-53 Rev. 5 SI-12 Information Management and Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R5 SI-12 NIST_SP_800-53_R5_SI-12 NIST SP 800-53 Rev. 5 SI-12 Information Management and Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-16 NIST_SP_800-53_R5_SI-16 NIST SP 800-53 Rev. 5 SI-16 Memory Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R5 SI-16 NIST_SP_800-53_R5_SI-16 NIST SP 800-53 Rev. 5 SI-16 Memory Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance NIST_SP_800-53_R5 SI-2(2) NIST_SP_800-53_R5_SI-2(2) NIST SP 800-53 Rev. 5 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SI-2(2) NIST_SP_800-53_R5_SI-2(2) NIST SP 800-53 Rev. 5 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance NIST_SP_800-53_R5 SI-2(3) NIST_SP_800-53_R5_SI-2(3) NIST SP 800-53 Rev. 5 SI-2 (3) Time to Remediate Flaws and Benchmarks for Corrective Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance NIST_SP_800-53_R5 SI-2(3) NIST_SP_800-53_R5_SI-2(3) NIST SP 800-53 Rev. 5 SI-2 (3) Time to Remediate Flaws and Benchmarks for Corrective Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2(6) NIST_SP_800-53_R5_SI-2(6) NIST SP 800-53 Rev. 5 SI-2 (6) Removal of Previous Versions of Software and Firmware NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R5 SI-2(6) NIST_SP_800-53_R5_SI-2(6) NIST SP 800-53 Rev. 5 SI-2 (6) Removal of Previous Versions of Software and Firmware NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2(6) NIST_SP_800-53_R5_SI-2(6) NIST SP 800-53 Rev. 5 SI-2 (6) Removal of Previous Versions of Software and Firmware NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 SI-4(12) NIST_SP_800-53_R5_SI-4(12) NIST SP 800-53 Rev. 5 SI-4 (12) Automated Organization-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 SI-4(12) NIST_SP_800-53_R5_SI-4(12) NIST SP 800-53 Rev. 5 SI-4 (12) Automated Organization-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 SI-4(12) NIST_SP_800-53_R5_SI-4(12) NIST SP 800-53 Rev. 5 SI-4 (12) Automated Organization-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance NIST_SP_800-53_R5 SI-4(14) NIST_SP_800-53_R5_SI-4(14) NIST SP 800-53 Rev. 5 SI-4 (14) Wireless Intrusion Detection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R5 SI-4(2) NIST_SP_800-53_R5_SI-4(2) NIST SP 800-53 Rev. 5 SI-4 (2) Automated Tools and Mechanisms for Real-time Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R5 SI-4(2) NIST_SP_800-53_R5_SI-4(2) NIST SP 800-53 Rev. 5 SI-4 (2) Automated Tools and Mechanisms for Real-time Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance NIST_SP_800-53_R5 SI-4(22) NIST_SP_800-53_R5_SI-4(22) NIST SP 800-53 Rev. 5 SI-4 (22) Unauthorized Network Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance NIST_SP_800-53_R5 SI-4(24) NIST_SP_800-53_R5_SI-4(24) NIST SP 800-53 Rev. 5 SI-4 (24) Indicators of Compromise NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance NIST_SP_800-53_R5 SI-5(1) NIST_SP_800-53_R5_SI-5(1) NIST SP 800-53 Rev. 5 SI-5 (1) Automated Alerts and Advisories NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SI-7 NIST_SP_800-53_R5_SI-7 NIST SP 800-53 Rev. 5 SI-7 Software, Firmware, and Information Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R5 SI-7(1) NIST_SP_800-53_R5_SI-7(1) NIST SP 800-53 Rev. 5 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SI-7(1) NIST_SP_800-53_R5_SI-7(1) NIST SP 800-53 Rev. 5 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance NIST_SP_800-53_R5 SI-7(5) NIST_SP_800-53_R5_SI-7(5) NIST SP 800-53 Rev. 5 SI-7 (5) Automated Response to Integrity Violations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
931e118d-50a1-4457-a5e4-78550e086c52 [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e3e008c3-56b9-4133-8fd7-d3347377402a [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZ_ISM_v3.5 AC-13 NZ_ISM_v3.5_AC-13 NZISM Security Benchmark AC-13 16.5.10 Authentication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring NZ_ISM_v3.5 AC-19 NZ_ISM_v3.5_AC-19 NZISM Security Benchmark AC-19 16.6.12 Event log protection [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZ_ISM_v3.5 AC-2 NZ_ISM_v3.5_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identitfication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZ_ISM_v3.5 AC-2 NZ_ISM_v3.5_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identitfication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NZ_ISM_v3.5 AC-2 NZ_ISM_v3.5_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identitfication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled Security Center NZ_ISM_v3.5 AC-3 NZ_ISM_v3.5_AC-3 NZISM Security Benchmark AC-3 16.1.35 Methods for system user identification and authentication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-5 NZ_ISM_v3.5_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-5 NZ_ISM_v3.5_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NZ_ISM_v3.5 AC-9 NZ_ISM_v3.5_AC-9 NZISM Security Benchmark AC-9 16.3.5 Use of Privileged Accounts [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NZ_ISM_v3.5 CR-10 NZ_ISM_v3.5_CR-10 NZISM Security Benchmark CR-10 17.5.7 Authentication mechanisms [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZ_ISM_v3.5 CR-2 NZ_ISM_v3.5_CR-2 NZISM Security Benchmark CR-2 17.1.52 Data Recovery [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NZ_ISM_v3.5 CR-2 NZ_ISM_v3.5_CR-2 NZISM Security Benchmark CR-2 17.1.52 Data Recovery [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault NZ_ISM_v3.5 CR-5 NZ_ISM_v3.5_CR-5 NZISM Security Benchmark CR-5 17.2.24 Using RSA [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NZ_ISM_v3.5 CR-8 NZ_ISM_v3.5_CR-8 NZISM Security Benchmark CR-8 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NZ_ISM_v3.5 CR-8 NZ_ISM_v3.5_CR-8 NZISM Security Benchmark CR-8 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NZ_ISM_v3.5 CR-8 NZ_ISM_v3.5_CR-8 NZISM Security Benchmark CR-8 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZ_ISM_v3.5 ISM-3 NZ_ISM_v3.5_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZ_ISM_v3.5 ISM-3 NZ_ISM_v3.5_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZ_ISM_v3.5 ISM-3 NZ_ISM_v3.5_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZ_ISM_v3.5 ISM-7 NZ_ISM_v3.5_ISM-7 NZISM Security Benchmark ISM-7 6.4.5 Availability requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NZ_ISM_v3.5 NS-5 NZ_ISM_v3.5_NS-5 NZISM Security Benchmark NS-5 18.3.19 Content of a Denial of Service (DoS) response plan [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL NZ_ISM_v3.5 NS-7 NZ_ISM_v3.5_NS-7 NZISM Security Benchmark NS-7 18.4.7 Intrusion Detection and Prevention strategy (IDS/IPS) [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZ_ISM_v3.5 PS-4 NZ_ISM_v3.5_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZ_ISM_v3.5 PS-4 NZ_ISM_v3.5_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZ_ISM_v3.5 SS-2 NZ_ISM_v3.5_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NZ_ISM_v3.5 SS-2 NZ_ISM_v3.5_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZ_ISM_v3.5 SS-2 NZ_ISM_v3.5_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 [Deprecated]: Endpoint protection health issues should be resolved on your machines Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 [Deprecated]: Endpoint protection should be installed on your machines Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e3e008c3-56b9-4133-8fd7-d3347377402a [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
931e118d-50a1-4457-a5e4-78550e086c52 [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_Security_Benchmark_v1.1 AC-13 NZISM_Security_Benchmark_v1.1_AC-13 NZISM Security Benchmark AC-13 16.5.10 Authentication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NZISM_Security_Benchmark_v1.1 AC-2 NZISM_Security_Benchmark_v1.1_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identitfication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_Security_Benchmark_v1.1 AC-2 NZISM_Security_Benchmark_v1.1_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identitfication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_Security_Benchmark_v1.1 AC-2 NZISM_Security_Benchmark_v1.1_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identitfication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled Security Center NZISM_Security_Benchmark_v1.1 AC-3 NZISM_Security_Benchmark_v1.1_AC-3 NZISM Security Benchmark AC-3 16.1.35 Methods for system user identification and authentication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_Security_Benchmark_v1.1 AC-4 NZISM_Security_Benchmark_v1.1_AC-4 NZISM Security Benchmark AC-4 16.1.40 Password selection policy [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NZISM_Security_Benchmark_v1.1 AC-4 NZISM_Security_Benchmark_v1.1_AC-4 NZISM Security Benchmark AC-4 16.1.40 Password selection policy [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-5 NZISM_Security_Benchmark_v1.1_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-5 NZISM_Security_Benchmark_v1.1_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NZISM_Security_Benchmark_v1.1 AC-9 NZISM_Security_Benchmark_v1.1_AC-9 NZISM Security Benchmark AC-9 16.3.5 Use of Privileged Accounts [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-14 NZISM_Security_Benchmark_v1.1_CR-14 NZISM Security Benchmark CR-14 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NZISM_Security_Benchmark_v1.1 CR-14 NZISM_Security_Benchmark_v1.1_CR-14 NZISM Security Benchmark CR-14 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_Security_Benchmark_v1.1 CR-2 NZISM_Security_Benchmark_v1.1_CR-2 NZISM Security Benchmark CR-2 17.1.45 Data Recovery [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NZISM_Security_Benchmark_v1.1 CR-2 NZISM_Security_Benchmark_v1.1_CR-2 NZISM Security Benchmark CR-2 17.1.45 Data Recovery [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NZISM_Security_Benchmark_v1.1 CR-9 NZISM_Security_Benchmark_v1.1_CR-9 NZISM Security Benchmark CR-9 17.5.7 Authentication mechanisms [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NZISM_Security_Benchmark_v1.1 DM-6 NZISM_Security_Benchmark_v1.1_DM-6 NZISM Security Benchmark DM-6 20.4.4 Database files [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_Security_Benchmark_v1.1 DM-6 NZISM_Security_Benchmark_v1.1_DM-6 NZISM Security Benchmark DM-6 20.4.4 Database files [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_Security_Benchmark_v1.1 ISM-3 NZISM_Security_Benchmark_v1.1_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_Security_Benchmark_v1.1 ISM-3 NZISM_Security_Benchmark_v1.1_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_Security_Benchmark_v1.1 ISM-3 NZISM_Security_Benchmark_v1.1_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_Security_Benchmark_v1.1 ISM-7 NZISM_Security_Benchmark_v1.1_ISM-7 NZISM Security Benchmark ISM-7 6.4.5 Availability requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NZISM_Security_Benchmark_v1.1 NS-5 NZISM_Security_Benchmark_v1.1_NS-5 NZISM Security Benchmark NS-5 18.3.19 Content of a Denial of Service (DoS) response plan [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network NZISM_Security_Benchmark_v1.1 NS-7 NZISM_Security_Benchmark_v1.1_NS-7 NZISM Security Benchmark NS-7 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_Security_Benchmark_v1.1 NS-7 NZISM_Security_Benchmark_v1.1_NS-7 NZISM Security Benchmark NS-7 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_Security_Benchmark_v1.1 NS-7 NZISM_Security_Benchmark_v1.1_NS-7 NZISM Security Benchmark NS-7 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_Security_Benchmark_v1.1 PS-4 NZISM_Security_Benchmark_v1.1_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_Security_Benchmark_v1.1 PS-4 NZISM_Security_Benchmark_v1.1_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_Security_Benchmark_v1.1 SS-2 NZISM_Security_Benchmark_v1.1_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_Security_Benchmark_v1.1 SS-2 NZISM_Security_Benchmark_v1.1_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NZISM_Security_Benchmark_v1.1 SS-2 NZISM_Security_Benchmark_v1.1_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 10.8.36.C.01. NZISM_v3.7_10.8.36.C.01. NZISM v3.7 10.8.36.C.01. 10.8.36.C.01. - ensure adherence to security protocols and mitigate the risk of unauthorized access or disclosure. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 10.8.37.C.01. NZISM_v3.7_10.8.37.C.01. NZISM v3.7 10.8.37.C.01. 10.8.37.C.01. - prevent unauthorized access or inadvertent incorrect handling of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 11.3.6.C.01. NZISM_v3.7_11.3.6.C.01. NZISM v3.7 11.3.6.C.01. 11.3.6.C.01. - ensure compliance with security protocols and minimise the risk of unauthorized disclosure of classified information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 11.4.10.C.01. NZISM_v3.7_11.4.10.C.01. NZISM v3.7 11.4.10.C.01. 11.4.10.C.01. - ensure adherence to security protocols and minimise the risk of unauthorized disclosure of classified information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 11.4.10.C.02. NZISM_v3.7_11.4.10.C.02. NZISM v3.7 11.4.10.C.02. 11.4.10.C.02. - promote awareness and mitigate potential threats to the confidentiality of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 11.4.11.C.01. NZISM_v3.7_11.4.11.C.01. NZISM v3.7 11.4.11.C.01. 11.4.11.C.01. - enhance security awareness and minimise risks associated with mobile communication. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 11.4.12.C.01. NZISM_v3.7_11.4.12.C.01. NZISM v3.7 11.4.12.C.01. 11.4.12.C.01. - maintain the integrity of secure environments. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 11.4.9.C.01. NZISM_v3.7_11.4.9.C.01. NZISM v3.7 11.4.9.C.01. 11.4.9.C.01. - ensure standardized practices, security protocols, and compliance with relevant regulations regarding the handling of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 12.4.4.C.01. NZISM_v3.7_12.4.4.C.01. NZISM v3.7 12.4.4.C.01. 12.4.4.C.01. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 12.4.4.C.02. NZISM_v3.7_12.4.4.C.02. NZISM v3.7 12.4.4.C.02. 12.4.4.C.02. - minimise the risk of disruptions or vulnerabilities introduced by the patches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZISM_v3.7 12.4.4.C.04. NZISM_v3.7_12.4.4.C.04. NZISM v3.7 12.4.4.C.04. 12.4.4.C.04. - mitigate the risk of exploitation by malicious actors and to ensure the ongoing security and integrity of the agency's IT systems and data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZISM_v3.7 12.4.4.C.05. NZISM_v3.7_12.4.4.C.05. NZISM v3.7 12.4.4.C.05. 12.4.4.C.05. - reduce the potential attack surface for malicious actors. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 12.4.4.C.06. NZISM_v3.7_12.4.4.C.06. NZISM v3.7 12.4.4.C.06. 12.4.4.C.06. - maintain the integrity and effectiveness of the patching process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 12.6.4.C.01. NZISM_v3.7_12.6.4.C.01. NZISM v3.7 12.6.4.C.01. 12.6.4.C.01. - safeguard classified information and mitigate risks during disposal. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 12.6.4.C.02. NZISM_v3.7_12.6.4.C.02. NZISM v3.7 12.6.4.C.02. 12.6.4.C.02. - ensure the protection of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 13.1.12.C.03. NZISM_v3.7_13.1.12.C.03. NZISM v3.7 13.1.12.C.03. 13.1.12.C.03. - ensure continuity and resilience in the event of system failures or data loss. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 13.1.9.C.01. NZISM_v3.7_13.1.9.C.01. NZISM v3.7 13.1.9.C.01. 13.1.9.C.01. - safeguard sensitive data and minimise security risks during the transition process. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 14.1.10.C.01. NZISM_v3.7_14.1.10.C.01. NZISM v3.7 14.1.10.C.01. 14.1.10.C.01. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 14.1.10.C.02. NZISM_v3.7_14.1.10.C.02. NZISM v3.7 14.1.10.C.02. 14.1.10.C.02. - reduce potential vulnerabilities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 14.1.12.C.01. NZISM_v3.7_14.1.12.C.01. NZISM v3.7 14.1.12.C.01. 14.1.12.C.01. - reduce the risk of security incidents and safeguard sensitive information from unauthorized access or tampering NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 14.1.12.C.01. NZISM_v3.7_14.1.12.C.01. NZISM v3.7 14.1.12.C.01. 14.1.12.C.01. - reduce the risk of security incidents and safeguard sensitive information from unauthorized access or tampering NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 14.1.12.C.01. NZISM_v3.7_14.1.12.C.01. NZISM v3.7 14.1.12.C.01. 14.1.12.C.01. - reduce the risk of security incidents and safeguard sensitive information from unauthorized access or tampering NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 14.1.12.C.01. NZISM_v3.7_14.1.12.C.01. NZISM v3.7 14.1.12.C.01. 14.1.12.C.01. - reduce the risk of security incidents and safeguard sensitive information from unauthorized access or tampering NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 14.1.12.C.01. NZISM_v3.7_14.1.12.C.01. NZISM v3.7 14.1.12.C.01. 14.1.12.C.01. - reduce the risk of security incidents and safeguard sensitive information from unauthorized access or tampering NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 14.1.13.C.01. NZISM_v3.7_14.1.13.C.01. NZISM v3.7 14.1.13.C.01. 14.1.13.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 14.1.13.C.02. NZISM_v3.7_14.1.13.C.02. NZISM v3.7 14.1.13.C.02. 14.1.13.C.02. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 14.1.13.C.03. NZISM_v3.7_14.1.13.C.03. NZISM v3.7 14.1.13.C.03. 14.1.13.C.03. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 14.1.14.C.01. NZISM_v3.7_14.1.14.C.01. NZISM v3.7 14.1.14.C.01. 14.1.14.C.01. - maintain the confidentiality and integrity of critical system information, thereby enhancing overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 14.1.8.C.01. NZISM_v3.7_14.1.8.C.01. NZISM v3.7 14.1.8.C.01. 14.1.8.C.01. - minimise vulnerabilities and enhance system security NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 14.1.9.C.01. NZISM_v3.7_14.1.9.C.01. NZISM v3.7 14.1.9.C.01. 14.1.9.C.01. - maintain system reliability, protect sensitive information, and fulfill security requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 14.1.9.C.01. NZISM_v3.7_14.1.9.C.01. NZISM v3.7 14.1.9.C.01. 14.1.9.C.01. - maintain system reliability, protect sensitive information, and fulfill security requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 14.1.9.C.01. NZISM_v3.7_14.1.9.C.01. NZISM v3.7 14.1.9.C.01. 14.1.9.C.01. - maintain system reliability, protect sensitive information, and fulfill security requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 14.1.9.C.01. NZISM_v3.7_14.1.9.C.01. NZISM v3.7 14.1.9.C.01. 14.1.9.C.01. - maintain system reliability, protect sensitive information, and fulfill security requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 14.1.9.C.01. NZISM_v3.7_14.1.9.C.01. NZISM v3.7 14.1.9.C.01. 14.1.9.C.01. - maintain system reliability, protect sensitive information, and fulfill security requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 14.1.9.C.02. NZISM_v3.7_14.1.9.C.02. NZISM v3.7 14.1.9.C.02. 14.1.9.C.02. - maintaining the integrity and reliability of servers and workstations within the agency's environment NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 14.2.4.C.01. NZISM_v3.7_14.2.4.C.01. NZISM v3.7 14.2.4.C.01. 14.2.4.C.01. - mitigate security risks, and ensure compliance with security policies and standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. 14.3.10.C.01. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. 14.3.10.C.02. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 14.3.10.C.03. NZISM_v3.7_14.3.10.C.03. NZISM v3.7 14.3.10.C.03. 14.3.10.C.03. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 14.3.10.C.04. NZISM_v3.7_14.3.10.C.04. NZISM v3.7 14.3.10.C.04. 14.3.10.C.04. - maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NZISM_v3.7 14.3.12.C.01. NZISM_v3.7_14.3.12.C.01. NZISM v3.7 14.3.12.C.01. 14.3.12.C.01. - strengthening the overall security posture of the agency's network environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.1.31.C.01. NZISM_v3.7_16.1.31.C.01. NZISM v3.7 16.1.31.C.01. 16.1.31.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.1.32.C.01. NZISM_v3.7_16.1.32.C.01. NZISM v3.7 16.1.32.C.01. 16.1.32.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.33.C.01. NZISM_v3.7_16.1.33.C.01. NZISM v3.7 16.1.33.C.01. 16.1.33.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.33.C.02. NZISM_v3.7_16.1.33.C.02. NZISM v3.7 16.1.33.C.02. 16.1.33.C.02. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.34.C.01. NZISM_v3.7_16.1.34.C.01. NZISM v3.7 16.1.34.C.01. 16.1.34.C.01. - promote security and accountability within the agency's systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 16.1.35.C.02. NZISM_v3.7_16.1.35.C.02. NZISM v3.7 16.1.35.C.02. 16.1.35.C.02. - implement additional authentication factors to enhance security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.36.C.01. NZISM_v3.7_16.1.36.C.01. NZISM v3.7 16.1.36.C.01. 16.1.36.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.37.C.01. NZISM_v3.7_16.1.37.C.01. NZISM v3.7 16.1.37.C.01. 16.1.37.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.38.C.01. NZISM_v3.7_16.1.38.C.01. NZISM v3.7 16.1.38.C.01. 16.1.38.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.38.C.01. NZISM_v3.7_16.1.38.C.01. NZISM v3.7 16.1.38.C.01. 16.1.38.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.39.C.01. NZISM_v3.7_16.1.39.C.01. NZISM v3.7 16.1.39.C.01. 16.1.39.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.39.C.02. NZISM_v3.7_16.1.39.C.02. NZISM v3.7 16.1.39.C.02. 16.1.39.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.41.C.01. NZISM_v3.7_16.1.41.C.01. NZISM v3.7 16.1.41.C.01. 16.1.41.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.41.C.01. NZISM_v3.7_16.1.41.C.01. NZISM v3.7 16.1.41.C.01. 16.1.41.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.41.C.02. NZISM_v3.7_16.1.41.C.02. NZISM v3.7 16.1.41.C.02. 16.1.41.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.41.C.03. NZISM_v3.7_16.1.41.C.03. NZISM v3.7 16.1.41.C.03. 16.1.41.C.03. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.41.C.03. NZISM_v3.7_16.1.41.C.03. NZISM v3.7 16.1.41.C.03. 16.1.41.C.03. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.41.C.04. NZISM_v3.7_16.1.41.C.04. NZISM v3.7 16.1.41.C.04. 16.1.41.C.04. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.41.C.04. NZISM_v3.7_16.1.41.C.04. NZISM v3.7 16.1.41.C.04. 16.1.41.C.04. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.42.C.01. NZISM_v3.7_16.1.42.C.01. NZISM v3.7 16.1.42.C.01. 16.1.42.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.42.C.01. NZISM_v3.7_16.1.42.C.01. NZISM v3.7 16.1.42.C.01. 16.1.42.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.43.C.01. NZISM_v3.7_16.1.43.C.01. NZISM v3.7 16.1.43.C.01. 16.1.43.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 16.1.44.C.01. NZISM_v3.7_16.1.44.C.01. NZISM v3.7 16.1.44.C.01. 16.1.44.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 16.1.45.C.01. NZISM_v3.7_16.1.45.C.01. NZISM v3.7 16.1.45.C.01. 16.1.45.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 16.1.45.C.02. NZISM_v3.7_16.1.45.C.02. NZISM v3.7 16.1.45.C.02. 16.1.45.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 16.1.46.C.01. NZISM_v3.7_16.1.46.C.01. NZISM v3.7 16.1.46.C.01. 16.1.46.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.46.C.01. NZISM_v3.7_16.1.46.C.01. NZISM v3.7 16.1.46.C.01. 16.1.46.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 16.1.46.C.02. NZISM_v3.7_16.1.46.C.02. NZISM v3.7 16.1.46.C.02. 16.1.46.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.46.C.02. NZISM_v3.7_16.1.46.C.02. NZISM v3.7 16.1.46.C.02. 16.1.46.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.1.47.C.01. NZISM_v3.7_16.1.47.C.01. NZISM v3.7 16.1.47.C.01. 16.1.47.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.48.C.02. NZISM_v3.7_16.1.48.C.02. NZISM v3.7 16.1.48.C.02. 16.1.48.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.49.C.01. NZISM_v3.7_16.1.49.C.01. NZISM v3.7 16.1.49.C.01. 16.1.49.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.50.C.01. NZISM_v3.7_16.1.50.C.01. NZISM v3.7 16.1.50.C.01. 16.1.50.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.1.50.C.02. NZISM_v3.7_16.1.50.C.02. NZISM v3.7 16.1.50.C.02. 16.1.50.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_v3.7 16.2.3.C.01. NZISM_v3.7_16.2.3.C.01. NZISM v3.7 16.2.3.C.01. 16.2.3.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZISM_v3.7 16.2.3.C.02. NZISM_v3.7_16.2.3.C.02. NZISM v3.7 16.2.3.C.02. 16.2.3.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 16.3.5.C.01. NZISM_v3.7_16.3.5.C.01. NZISM v3.7 16.3.5.C.01. 16.3.5.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 16.3.5.C.01. NZISM_v3.7_16.3.5.C.01. NZISM v3.7 16.3.5.C.01. 16.3.5.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 16.3.5.C.01. NZISM_v3.7_16.3.5.C.01. NZISM v3.7 16.3.5.C.01. 16.3.5.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 16.3.5.C.01. NZISM_v3.7_16.3.5.C.01. NZISM v3.7 16.3.5.C.01. 16.3.5.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 16.3.5.C.01. NZISM_v3.7_16.3.5.C.01. NZISM v3.7 16.3.5.C.01. 16.3.5.C.01. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 16.3.5.C.02. NZISM_v3.7_16.3.5.C.02. NZISM v3.7 16.3.5.C.02. 16.3.5.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 16.3.5.C.02. NZISM_v3.7_16.3.5.C.02. NZISM v3.7 16.3.5.C.02. 16.3.5.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 16.3.5.C.02. NZISM_v3.7_16.3.5.C.02. NZISM v3.7 16.3.5.C.02. 16.3.5.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 16.3.5.C.02. NZISM_v3.7_16.3.5.C.02. NZISM v3.7 16.3.5.C.02. 16.3.5.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 16.3.5.C.02. NZISM_v3.7_16.3.5.C.02. NZISM v3.7 16.3.5.C.02. 16.3.5.C.02. - enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.3.6.C.01. NZISM_v3.7_16.3.6.C.01. NZISM v3.7 16.3.6.C.01. 16.3.6.C.01. - safeguard sensitive national data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NZISM_v3.7 16.3.6.C.01. NZISM_v3.7_16.3.6.C.01. NZISM v3.7 16.3.6.C.01. 16.3.6.C.01. - safeguard sensitive national data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.4.32.C.02. NZISM_v3.7_16.4.32.C.02. NZISM v3.7 16.4.32.C.02. 16.4.32.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 16.4.37.C.01. NZISM_v3.7_16.4.37.C.01. NZISM v3.7 16.4.37.C.01. 16.4.37.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 16.4.37.C.01. NZISM_v3.7_16.4.37.C.01. NZISM v3.7 16.4.37.C.01. 16.4.37.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 16.4.37.C.01. NZISM_v3.7_16.4.37.C.01. NZISM v3.7 16.4.37.C.01. 16.4.37.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 16.4.37.R.02. NZISM_v3.7_16.4.37.R.02. 404 not found NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 16.4.37.R.02. NZISM_v3.7_16.4.37.R.02. 404 not found NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 16.4.37.R.02. NZISM_v3.7_16.4.37.R.02. 404 not found NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 16.5.10.C.01. NZISM_v3.7_16.5.10.C.01. NZISM v3.7 16.5.10.C.01. 16.5.10.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NZISM_v3.7 16.5.10.C.02. NZISM_v3.7_16.5.10.C.02. NZISM v3.7 16.5.10.C.02. 16.5.10.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.5.11.C.01. NZISM_v3.7_16.5.11.C.01. NZISM v3.7 16.5.11.C.01. 16.5.11.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 16.5.11.C.02. NZISM_v3.7_16.5.11.C.02. NZISM v3.7 16.5.11.C.02. 16.5.11.C.02. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 16.5.12.C.01. NZISM_v3.7_16.5.12.C.01. NZISM v3.7 16.5.12.C.01. 16.5.12.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. 16.6.10.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. 16.6.10.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. 16.6.11.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. 16.6.12.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.12.C.02. NZISM_v3.7_16.6.12.C.02. NZISM v3.7 16.6.12.C.02. 16.6.12.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.12.C.02. NZISM_v3.7_16.6.12.C.02. NZISM v3.7 16.6.12.C.02. 16.6.12.C.02. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.12.C.03. NZISM_v3.7_16.6.12.C.03. NZISM v3.7 16.6.12.C.03. 16.6.12.C.03. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.12.C.03. NZISM_v3.7_16.6.12.C.03. NZISM v3.7 16.6.12.C.03. 16.6.12.C.03. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.13.C.01. NZISM_v3.7_16.6.13.C.01. NZISM v3.7 16.6.13.C.01. 16.6.13.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.13.C.01. NZISM_v3.7_16.6.13.C.01. NZISM v3.7 16.6.13.C.01. 16.6.13.C.01. - maintain integrity of the data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.13.C.02. NZISM_v3.7_16.6.13.C.02. NZISM v3.7 16.6.13.C.02. 16.6.13.C.02. - maintain transparency, integrity, and legality in handling sensitive information and mitigate potential risks associated with data breaches or unauthorized access. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.13.C.02. NZISM_v3.7_16.6.13.C.02. NZISM v3.7 16.6.13.C.02. 16.6.13.C.02. - maintain transparency, integrity, and legality in handling sensitive information and mitigate potential risks associated with data breaches or unauthorized access. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. 16.6.6.C.01. - enhance security and reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. 16.6.7.C.01. - facilitate effective monitoring, troubleshooting, and auditability of system operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. 16.6.9.C.01. - enhance system security and accountability. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.51.C.01. NZISM_v3.7_17.1.51.C.01. NZISM v3.7 17.1.51.C.01. 17.1.51.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.52.C.01. NZISM_v3.7_17.1.52.C.01. NZISM v3.7 17.1.52.C.01. 17.1.52.C.01. - enhace overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.52.C.02. NZISM_v3.7_17.1.52.C.02. NZISM v3.7 17.1.52.C.02. 17.1.52.C.02. - enhance data accessibility and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.53.C.03. NZISM_v3.7_17.1.53.C.03. NZISM v3.7 17.1.53.C.03. 17.1.53.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.53.C.04. NZISM_v3.7_17.1.53.C.04. NZISM v3.7 17.1.53.C.04. 17.1.53.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.54.C.01. NZISM_v3.7_17.1.54.C.01. NZISM v3.7 17.1.54.C.01. 17.1.54.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.01. NZISM_v3.7_17.1.55.C.01. NZISM v3.7 17.1.55.C.01. 17.1.55.C.01. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.55.C.02. NZISM_v3.7_17.1.55.C.02. NZISM v3.7 17.1.55.C.02. 17.1.55.C.02. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.55.C.03. NZISM_v3.7_17.1.55.C.03. NZISM v3.7 17.1.55.C.03. 17.1.55.C.03. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.55.C.04. NZISM_v3.7_17.1.55.C.04. NZISM v3.7 17.1.55.C.04. 17.1.55.C.04. - ensure compliance with established security standards and enhance the effectiveness of encryption in safeguarding sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.56.C.02. NZISM_v3.7_17.1.56.C.02. NZISM v3.7 17.1.56.C.02. 17.1.56.C.02. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.57.C.01. NZISM_v3.7_17.1.57.C.01. NZISM v3.7 17.1.57.C.01. 17.1.57.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.58.C.01. NZISM_v3.7_17.1.58.C.01. NZISM v3.7 17.1.58.C.01. 17.1.58.C.01. - ensure compliance with security protocols and best practices. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 17.1.58.C.02. NZISM_v3.7_17.1.58.C.02. NZISM v3.7 17.1.58.C.02. 17.1.58.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL NZISM_v3.7 17.1.58.C.03. NZISM_v3.7_17.1.58.C.03. NZISM v3.7 17.1.58.C.03. 17.1.58.C.03. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_v3.7 17.10.12.C.01. NZISM_v3.7_17.10.12.C.01. NZISM v3.7 17.10.12.C.01. 17.10.12.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 17.5.7.C.01. NZISM_v3.7_17.5.7.C.01. NZISM v3.7 17.5.7.C.01. 17.5.7.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 17.5.7.C.02. NZISM_v3.7_17.5.7.C.02. NZISM v3.7 17.5.7.C.02. 17.5.7.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 17.8.10.C.01. NZISM_v3.7_17.8.10.C.01. NZISM v3.7 17.8.10.C.01. 17.8.10.C.01. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 17.8.10.C.02. NZISM_v3.7_17.8.10.C.02. NZISM v3.7 17.8.10.C.02. 17.8.10.C.02. - enhance overall cybersecurity posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center NZISM_v3.7 17.9.37.C.01. NZISM_v3.7_17.9.37.C.01. NZISM v3.7 17.9.37.C.01. 17.9.37.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute NZISM_v3.7 17.9.37.C.01. NZISM_v3.7_17.9.37.C.01. NZISM v3.7 17.9.37.C.01. 17.9.37.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service NZISM_v3.7 17.9.37.C.01. NZISM_v3.7_17.9.37.C.01. NZISM v3.7 17.9.37.C.01. 17.9.37.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 17.9.37.C.01. NZISM_v3.7_17.9.37.C.01. NZISM v3.7 17.9.37.C.01. 17.9.37.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 17.9.37.C.01. NZISM_v3.7_17.9.37.C.01. NZISM v3.7 17.9.37.C.01. 17.9.37.C.01. - enhance the overall security posture of the systems and the sensitive information they protect. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 18.4.10.C.01. NZISM_v3.7_18.4.10.C.01. NZISM v3.7 18.4.10.C.01. 18.4.10.C.01. - ensure user awareness of the policies, and handling outbreaks according to established procedures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.10.C.01. NZISM_v3.7_19.1.10.C.01. NZISM v3.7 19.1.10.C.01. 19.1.10.C.01. - ensure that the security requirements are consistently upheld throughout the network hierarchy, from the lowest to the highest networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.11.C.01. NZISM_v3.7_19.1.11.C.01. NZISM v3.7 19.1.11.C.01. 19.1.11.C.01. - ensure network protection through gateway mechanisms. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.11.C.02. NZISM_v3.7_19.1.11.C.02. NZISM v3.7 19.1.11.C.02. 19.1.11.C.02. - maintain security and integrity across domains. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.12.C.01. NZISM_v3.7_19.1.12.C.01. NZISM v3.7 19.1.12.C.01. 19.1.12.C.01. - minimize security risks and ensure effective control over network communications NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.14.C.01. NZISM_v3.7_19.1.14.C.01. NZISM v3.7 19.1.14.C.01. 19.1.14.C.01. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.1.14.C.02. NZISM_v3.7_19.1.14.C.02. NZISM v3.7 19.1.14.C.02. 19.1.14.C.02. - enhance security by segregating resources from the internal network. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.1.19.C.01. NZISM_v3.7_19.1.19.C.01. NZISM v3.7 19.1.19.C.01. 19.1.19.C.01. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. 19.1.20.C.01. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. 19.1.20.C.02. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. 19.1.20.C.03. - reduce the risk of unauthorized access or misuse. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 19.1.22.C.02. NZISM_v3.7_19.1.22.C.02. NZISM v3.7 19.1.22.C.02. 19.1.22.C.02. - ensure transparency, accountability, and adherence to established procedures for maintaining network security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 19.1.22.C.02. NZISM_v3.7_19.1.22.C.02. NZISM v3.7 19.1.22.C.02. 19.1.22.C.02. - ensure transparency, accountability, and adherence to established procedures for maintaining network security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 19.1.22.C.02. NZISM_v3.7_19.1.22.C.02. NZISM v3.7 19.1.22.C.02. 19.1.22.C.02. - ensure transparency, accountability, and adherence to established procedures for maintaining network security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 19.1.22.C.02. NZISM_v3.7_19.1.22.C.02. NZISM v3.7 19.1.22.C.02. 19.1.22.C.02. - ensure transparency, accountability, and adherence to established procedures for maintaining network security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 19.1.22.C.02. NZISM_v3.7_19.1.22.C.02. NZISM v3.7 19.1.22.C.02. 19.1.22.C.02. - ensure transparency, accountability, and adherence to established procedures for maintaining network security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.2.16.C.02. NZISM_v3.7_19.2.16.C.02. NZISM v3.7 19.2.16.C.02. 19.2.16.C.02. - maintain security and prevent unauthorized access or disclosure of sensitive information. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.2.18.C.01. NZISM_v3.7_19.2.18.C.01. NZISM v3.7 19.2.18.C.01. 19.2.18.C.01. - enhance data security and prevent unauthorized access or leakage between classified networks and less classified networks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.2.19.C.01. NZISM_v3.7_19.2.19.C.01. NZISM v3.7 19.2.19.C.01. 19.2.19.C.01. - ensure the integrity and reliability of information accessed or received. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.2.19.C.02. NZISM_v3.7_19.2.19.C.02. NZISM v3.7 19.2.19.C.02. 19.2.19.C.02. - reduce the risk of unauthorized data transfers and potential breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.2.20.C.01. NZISM_v3.7_19.2.20.C.01. NZISM v3.7 19.2.20.C.01. 19.2.20.C.01. - enhance security measures and enable timely detection and response to potential security incidents or breaches. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.01. NZISM_v3.7_19.3.8.C.01. NZISM v3.7 19.3.8.C.01. 19.3.8.C.01. - enhance network security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.03. NZISM_v3.7_19.3.8.C.03. NZISM v3.7 19.3.8.C.03. 19.3.8.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.3.8.C.04. NZISM_v3.7_19.3.8.C.04. NZISM v3.7 19.3.8.C.04. 19.3.8.C.04. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.3.9.C.01. NZISM_v3.7_19.3.9.C.01. NZISM v3.7 19.3.9.C.01. 19.3.9.C.01. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.3.9.C.02. NZISM_v3.7_19.3.9.C.02. NZISM v3.7 19.3.9.C.02. 19.3.9.C.02. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_v3.7 19.3.9.C.02. NZISM_v3.7_19.3.9.C.02. NZISM v3.7 19.3.9.C.02. 19.3.9.C.02. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.3.9.C.02. NZISM_v3.7_19.3.9.C.02. NZISM v3.7 19.3.9.C.02. 19.3.9.C.02. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.3.9.C.02. NZISM_v3.7_19.3.9.C.02. NZISM v3.7 19.3.9.C.02. 19.3.9.C.02. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.3.9.C.02. NZISM_v3.7_19.3.9.C.02. NZISM v3.7 19.3.9.C.02. 19.3.9.C.02. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring NZISM_v3.7 19.3.9.C.03. NZISM_v3.7_19.3.9.C.03. NZISM v3.7 19.3.9.C.03. 19.3.9.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration NZISM_v3.7 19.3.9.C.03. NZISM_v3.7_19.3.9.C.03. NZISM v3.7 19.3.9.C.03. 19.3.9.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring NZISM_v3.7 19.3.9.C.03. NZISM_v3.7_19.3.9.C.03. NZISM v3.7 19.3.9.C.03. 19.3.9.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring NZISM_v3.7 19.3.9.C.03. NZISM_v3.7_19.3.9.C.03. NZISM v3.7 19.3.9.C.03. 19.3.9.C.03. - minimise the risk of unauthorized access or data leakage between networks NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 19.5.29.C.01. NZISM_v3.7_19.5.29.C.01. NZISM v3.7 19.5.29.C.01. 19.5.29.C.01. - enhance security measures and protect agency assets. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 19.5.29.C.01. NZISM_v3.7_19.5.29.C.01. NZISM v3.7 19.5.29.C.01. 19.5.29.C.01. - enhance security measures and protect agency assets. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 19.5.29.C.01. NZISM_v3.7_19.5.29.C.01. NZISM v3.7 19.5.29.C.01. 19.5.29.C.01. - enhance security measures and protect agency assets. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 2.1.49.C.01. NZISM_v3.7_2.1.49.C.01. NZISM v3.7 2.1.49.C.01. 2.1.49.C.01. - facilitate collaboration and access to resources for effective security management and response. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 2.1.49.C.01. NZISM_v3.7_2.1.49.C.01. NZISM v3.7 2.1.49.C.01. 2.1.49.C.01. - facilitate collaboration and access to resources for effective security management and response. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 2.1.49.C.01. NZISM_v3.7_2.1.49.C.01. NZISM v3.7 2.1.49.C.01. 2.1.49.C.01. - facilitate collaboration and access to resources for effective security management and response. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 2.1.49.C.01. NZISM_v3.7_2.1.49.C.01. NZISM v3.7 2.1.49.C.01. 2.1.49.C.01. - facilitate collaboration and access to resources for effective security management and response. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center NZISM_v3.7 2.3.26.C.01. NZISM_v3.7_2.3.26.C.01. NZISM v3.7 2.3.26.C.01. 2.3.26.C.01. - enhance security measures and minimise trust assumptions in cloud environments. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 2.3.26.C.01. NZISM_v3.7_2.3.26.C.01. NZISM v3.7 2.3.26.C.01. 2.3.26.C.01. - enhance security measures and minimise trust assumptions in cloud environments. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 2.3.26.C.01. NZISM_v3.7_2.3.26.C.01. NZISM v3.7 2.3.26.C.01. 2.3.26.C.01. - enhance security measures and minimise trust assumptions in cloud environments. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault NZISM_v3.7 2.3.26.C.01. NZISM_v3.7_2.3.26.C.01. NZISM v3.7 2.3.26.C.01. 2.3.26.C.01. - enhance security measures and minimise trust assumptions in cloud environments. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 20.4.4.C.01. NZISM_v3.7_20.4.4.C.01. NZISM v3.7 20.4.4.C.01. 20.4.4.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 20.4.4.C.02. NZISM_v3.7_20.4.4.C.02. NZISM v3.7 20.4.4.C.02. 20.4.4.C.02. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 20.4.5.C.01. NZISM_v3.7_20.4.5.C.01. NZISM v3.7 20.4.5.C.01. 20.4.5.C.01. - enhance data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 20.4.5.C.02. NZISM_v3.7_20.4.5.C.02. NZISM v3.7 20.4.5.C.02. 20.4.5.C.02. - bolster data security and compliance measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 20.4.6.C.01. NZISM_v3.7_20.4.6.C.01. NZISM v3.7 20.4.6.C.01. 20.4.6.C.01. - mitigate the risk of unauthorized access to sensitive information and ensuring compliance with security clearance requirements. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_v3.7 20.4.6.C.02. NZISM_v3.7_20.4.6.C.02. NZISM v3.7 20.4.6.C.02. 20.4.6.C.02. - enhance data security. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 21.4.7.C.01. NZISM_v3.7_21.4.7.C.01. NZISM v3.7 21.4.7.C.01. 21.4.7.C.01. - ensure proactive identification and mitigation of potential security risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 21.4.7.C.02. NZISM_v3.7_21.4.7.C.02. NZISM v3.7 21.4.7.C.02. 21.4.7.C.02. - ensure comprehensive protection of agency assets and sensitive information in the context of BYOD usage. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 21.4.8.C.01. NZISM_v3.7_21.4.8.C.01. NZISM v3.7 21.4.8.C.01. 21.4.8.C.01. - maintain security and compliance standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 21.4.8.C.02. NZISM_v3.7_21.4.8.C.02. NZISM v3.7 21.4.8.C.02. 21.4.8.C.02. - maintain security and compliance standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 21.4.9.C.01. NZISM_v3.7_21.4.9.C.01. NZISM v3.7 21.4.9.C.01. 21.4.9.C.01. - mitigate security risks and ensure compliance with security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 22.1.24.C.02. NZISM_v3.7_22.1.24.C.02. NZISM v3.7 22.1.24.C.02. 22.1.24.C.02. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 22.1.24.C.02. NZISM_v3.7_22.1.24.C.02. NZISM v3.7 22.1.24.C.02. 22.1.24.C.02. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 22.1.24.C.02. NZISM_v3.7_22.1.24.C.02. NZISM v3.7 22.1.24.C.02. 22.1.24.C.02. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 22.1.24.C.02. NZISM_v3.7_22.1.24.C.02. NZISM v3.7 22.1.24.C.02. 22.1.24.C.02. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 22.1.24.C.02. NZISM_v3.7_22.1.24.C.02. NZISM v3.7 22.1.24.C.02. 22.1.24.C.02. - enhance security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 22.1.26.C.01. NZISM_v3.7_22.1.26.C.01. NZISM v3.7 22.1.26.C.01. 22.1.26.C.01. - ensure safety of data. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 22.3.11.C.01. NZISM_v3.7_22.3.11.C.01. NZISM v3.7 22.3.11.C.01. 22.3.11.C.01. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration NZISM_v3.7 22.3.11.C.02. NZISM_v3.7_22.3.11.C.02. NZISM v3.7 22.3.11.C.02. 22.3.11.C.02. - ensure data security and integrity. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 23.1.56.C.01. NZISM_v3.7_23.1.56.C.01. NZISM v3.7 23.1.56.C.01. 23.1.56.C.01. - reduce manual errors and ensure adherence to security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 23.1.56.C.01. NZISM_v3.7_23.1.56.C.01. NZISM v3.7 23.1.56.C.01. 23.1.56.C.01. - reduce manual errors and ensure adherence to security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 23.1.56.C.01. NZISM_v3.7_23.1.56.C.01. NZISM v3.7 23.1.56.C.01. 23.1.56.C.01. - reduce manual errors and ensure adherence to security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 23.1.56.C.01. NZISM_v3.7_23.1.56.C.01. NZISM v3.7 23.1.56.C.01. 23.1.56.C.01. - reduce manual errors and ensure adherence to security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 23.1.56.C.01. NZISM_v3.7_23.1.56.C.01. NZISM v3.7 23.1.56.C.01. 23.1.56.C.01. - reduce manual errors and ensure adherence to security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring NZISM_v3.7 23.2.20.C.01. NZISM_v3.7_23.2.20.C.01. NZISM v3.7 23.2.20.C.01. 23.2.20.C.01. - enhance confidence in the security and reliability of cloud services and mitigate risks associated with potential vulnerabilities or non-compliance with security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 23.2.20.C.01. NZISM_v3.7_23.2.20.C.01. NZISM v3.7 23.2.20.C.01. 23.2.20.C.01. - enhance confidence in the security and reliability of cloud services and mitigate risks associated with potential vulnerabilities or non-compliance with security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 23.2.20.C.01. NZISM_v3.7_23.2.20.C.01. NZISM v3.7 23.2.20.C.01. 23.2.20.C.01. - enhance confidence in the security and reliability of cloud services and mitigate risks associated with potential vulnerabilities or non-compliance with security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 23.2.20.C.01. NZISM_v3.7_23.2.20.C.01. NZISM v3.7 23.2.20.C.01. 23.2.20.C.01. - enhance confidence in the security and reliability of cloud services and mitigate risks associated with potential vulnerabilities or non-compliance with security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 23.2.20.C.01. NZISM_v3.7_23.2.20.C.01. NZISM v3.7 23.2.20.C.01. 23.2.20.C.01. - enhance confidence in the security and reliability of cloud services and mitigate risks associated with potential vulnerabilities or non-compliance with security standards. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 3.3.13.C.01. NZISM_v3.7_3.3.13.C.01. NZISM v3.7 3.3.13.C.01. 3.3.13.C.01. - foster a culture of security awareness and equipping personnel with the knowledge and skills to effectively mitigate security risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 3.3.13.C.01. NZISM_v3.7_3.3.13.C.01. NZISM v3.7 3.3.13.C.01. 3.3.13.C.01. - foster a culture of security awareness and equipping personnel with the knowledge and skills to effectively mitigate security risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 3.3.13.C.01. NZISM_v3.7_3.3.13.C.01. NZISM v3.7 3.3.13.C.01. 3.3.13.C.01. - foster a culture of security awareness and equipping personnel with the knowledge and skills to effectively mitigate security risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 3.3.13.C.01. NZISM_v3.7_3.3.13.C.01. NZISM v3.7 3.3.13.C.01. 3.3.13.C.01. - foster a culture of security awareness and equipping personnel with the knowledge and skills to effectively mitigate security risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 3.3.6.C.05. NZISM_v3.7_3.3.6.C.05. NZISM v3.7 3.3.6.C.05. 3.3.6.C.05. - enhance the integrity and security of agency IT operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 3.3.6.C.05. NZISM_v3.7_3.3.6.C.05. NZISM v3.7 3.3.6.C.05. 3.3.6.C.05. - enhance the integrity and security of agency IT operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 3.3.6.C.05. NZISM_v3.7_3.3.6.C.05. NZISM v3.7 3.3.6.C.05. 3.3.6.C.05. - enhance the integrity and security of agency IT operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 3.3.6.C.05. NZISM_v3.7_3.3.6.C.05. NZISM v3.7 3.3.6.C.05. 3.3.6.C.05. - enhance the integrity and security of agency IT operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 3.3.6.C.05. NZISM_v3.7_3.3.6.C.05. NZISM v3.7 3.3.6.C.05. 3.3.6.C.05. - enhance the integrity and security of agency IT operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 5.1.12.C.02. NZISM_v3.7_5.1.12.C.02. NZISM v3.7 5.1.12.C.02. 5.1.12.C.02. - enhance the agency's ability to mitigate risks and minimize disruptions to operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 5.1.12.C.02. NZISM_v3.7_5.1.12.C.02. NZISM v3.7 5.1.12.C.02. 5.1.12.C.02. - enhance the agency's ability to mitigate risks and minimize disruptions to operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 5.1.12.C.02. NZISM_v3.7_5.1.12.C.02. NZISM v3.7 5.1.12.C.02. 5.1.12.C.02. - enhance the agency's ability to mitigate risks and minimize disruptions to operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 5.1.12.C.02. NZISM_v3.7_5.1.12.C.02. NZISM v3.7 5.1.12.C.02. 5.1.12.C.02. - enhance the agency's ability to mitigate risks and minimize disruptions to operations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZISM_v3.7 5.1.21.C.02. NZISM_v3.7_5.1.21.C.02. NZISM v3.7 5.1.21.C.02. 5.1.21.C.02. - establish a systematic approach to reviewing information security documentation, NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration NZISM_v3.7 5.1.21.C.02. NZISM_v3.7_5.1.21.C.02. NZISM v3.7 5.1.21.C.02. 5.1.21.C.02. - establish a systematic approach to reviewing information security documentation, NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 5.1.21.C.02. NZISM_v3.7_5.1.21.C.02. NZISM v3.7 5.1.21.C.02. 5.1.21.C.02. - establish a systematic approach to reviewing information security documentation, NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 5.1.21.C.02. NZISM_v3.7_5.1.21.C.02. NZISM v3.7 5.1.21.C.02. 5.1.21.C.02. - establish a systematic approach to reviewing information security documentation, NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NZISM_v3.7 5.1.21.C.02. NZISM_v3.7_5.1.21.C.02. NZISM v3.7 5.1.21.C.02. 5.1.21.C.02. - establish a systematic approach to reviewing information security documentation, NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NZISM_v3.7 5.1.21.C.02. NZISM_v3.7_5.1.21.C.02. NZISM v3.7 5.1.21.C.02. 5.1.21.C.02. - establish a systematic approach to reviewing information security documentation, NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 5.7.4.C.01. NZISM_v3.7_5.7.4.C.01. NZISM v3.7 5.7.4.C.01. 5.7.4.C.01. - ensure the protection of classified information and systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 5.7.4.C.01. NZISM_v3.7_5.7.4.C.01. NZISM v3.7 5.7.4.C.01. 5.7.4.C.01. - ensure the protection of classified information and systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 5.7.4.C.01. NZISM_v3.7_5.7.4.C.01. NZISM v3.7 5.7.4.C.01. 5.7.4.C.01. - ensure the protection of classified information and systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 5.7.4.C.01. NZISM_v3.7_5.7.4.C.01. NZISM v3.7 5.7.4.C.01. 5.7.4.C.01. - ensure the protection of classified information and systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_v3.7 6.1.9.C.01. NZISM_v3.7_6.1.9.C.01. NZISM v3.7 6.1.9.C.01. 6.1.9.C.01. - ensure alignment with the vulnerability disclosure policy, and implement adjustments and changes consistent with the findings of vulnerability analysis NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 6.3.6.C.01. NZISM_v3.7_6.3.6.C.01. NZISM v3.7 6.3.6.C.01. 6.3.6.C.01. - maintain the integrity and security of systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 6.3.6.C.01. NZISM_v3.7_6.3.6.C.01. NZISM v3.7 6.3.6.C.01. 6.3.6.C.01. - maintain the integrity and security of systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 6.3.6.C.01. NZISM_v3.7_6.3.6.C.01. NZISM v3.7 6.3.6.C.01. 6.3.6.C.01. - maintain the integrity and security of systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 6.3.6.C.01. NZISM_v3.7_6.3.6.C.01. NZISM v3.7 6.3.6.C.01. 6.3.6.C.01. - maintain the integrity and security of systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 6.3.6.C.01. NZISM_v3.7_6.3.6.C.01. NZISM v3.7 6.3.6.C.01. 6.3.6.C.01. - maintain the integrity and security of systems. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 6.3.6.C.02. NZISM_v3.7_6.3.6.C.02. NZISM v3.7 6.3.6.C.02. 6.3.6.C.02. - maintain operational integrity and security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 6.3.6.C.02. NZISM_v3.7_6.3.6.C.02. NZISM v3.7 6.3.6.C.02. 6.3.6.C.02. - maintain operational integrity and security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 6.3.6.C.02. NZISM_v3.7_6.3.6.C.02. NZISM v3.7 6.3.6.C.02. 6.3.6.C.02. - maintain operational integrity and security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center NZISM_v3.7 6.3.6.C.02. NZISM_v3.7_6.3.6.C.02. NZISM v3.7 6.3.6.C.02. 6.3.6.C.02. - maintain operational integrity and security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 6.3.6.C.02. NZISM_v3.7_6.3.6.C.02. NZISM v3.7 6.3.6.C.02. 6.3.6.C.02. - maintain operational integrity and security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 6.3.7.C.01. NZISM_v3.7_6.3.7.C.01. NZISM v3.7 6.3.7.C.01. 6.3.7.C.01. - foster systematic and responsive management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 6.3.7.C.01. NZISM_v3.7_6.3.7.C.01. NZISM v3.7 6.3.7.C.01. 6.3.7.C.01. - foster systematic and responsive management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 6.3.7.C.01. NZISM_v3.7_6.3.7.C.01. NZISM v3.7 6.3.7.C.01. 6.3.7.C.01. - foster systematic and responsive management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 6.3.7.C.01. NZISM_v3.7_6.3.7.C.01. NZISM v3.7 6.3.7.C.01. 6.3.7.C.01. - foster systematic and responsive management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 6.3.7.C.02. NZISM_v3.7_6.3.7.C.02. NZISM v3.7 6.3.7.C.02. 6.3.7.C.02. - facilitate structured management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 6.3.7.C.02. NZISM_v3.7_6.3.7.C.02. NZISM v3.7 6.3.7.C.02. 6.3.7.C.02. - facilitate structured management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 6.3.7.C.02. NZISM_v3.7_6.3.7.C.02. NZISM v3.7 6.3.7.C.02. 6.3.7.C.02. - facilitate structured management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 6.3.7.C.02. NZISM_v3.7_6.3.7.C.02. NZISM v3.7 6.3.7.C.02. 6.3.7.C.02. - facilitate structured management of critical alterations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault NZISM_v3.7 6.3.7.C.03. NZISM_v3.7_6.3.7.C.03. NZISM v3.7 6.3.7.C.03. 6.3.7.C.03. - ensure systematic and effective management of changes. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZISM_v3.7 6.3.7.C.03. NZISM_v3.7_6.3.7.C.03. NZISM v3.7 6.3.7.C.03. 6.3.7.C.03. - ensure systematic and effective management of changes. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 6.3.7.C.03. NZISM_v3.7_6.3.7.C.03. NZISM v3.7 6.3.7.C.03. 6.3.7.C.03. - ensure systematic and effective management of changes. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 6.3.7.C.03. NZISM_v3.7_6.3.7.C.03. NZISM v3.7 6.3.7.C.03. 6.3.7.C.03. - ensure systematic and effective management of changes. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NZISM_v3.7 6.4.6.C.01. NZISM_v3.7_6.4.6.C.01. NZISM v3.7 6.4.6.C.01. 6.4.6.C.01. - enhance operational resilience. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.1.7.C.01. NZISM_v3.7_7.1.7.C.01. NZISM v3.7 7.1.7.C.01. 7.1.7.C.01. - fortify information security measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.1.7.C.01. NZISM_v3.7_7.1.7.C.01. NZISM v3.7 7.1.7.C.01. 7.1.7.C.01. - fortify information security measures. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.1.7.C.02. NZISM_v3.7_7.1.7.C.02. NZISM v3.7 7.1.7.C.02. 7.1.7.C.02. - detecting potential security incidents. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.1.7.C.02. NZISM_v3.7_7.1.7.C.02. NZISM v3.7 7.1.7.C.02. 7.1.7.C.02. - detecting potential security incidents. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.1.7.C.03. NZISM_v3.7_7.1.7.C.03. NZISM v3.7 7.1.7.C.03. 7.1.7.C.03. - optimize resource allocation and enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.1.7.C.03. NZISM_v3.7_7.1.7.C.03. NZISM v3.7 7.1.7.C.03. 7.1.7.C.03. - optimize resource allocation and enhance overall security posture. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.3.10.C.01. NZISM_v3.7_7.3.10.C.01. NZISM v3.7 7.3.10.C.01. 7.3.10.C.01. - ensure compliance with legal and regulatory requirements and mitigate potential risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.10.C.01. NZISM_v3.7_7.3.10.C.01. NZISM v3.7 7.3.10.C.01. 7.3.10.C.01. - ensure compliance with legal and regulatory requirements and mitigate potential risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration NZISM_v3.7 7.3.11.C.01. NZISM_v3.7_7.3.11.C.01. NZISM v3.7 7.3.11.C.01. 7.3.11.C.01. - support comprehensive investigations and ensure accountability NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.12.C.01. NZISM_v3.7_7.3.12.C.01. NZISM v3.7 7.3.12.C.01. 7.3.12.C.01. - ensure that agencies promptly request assistance from the NCSC upon detecting an information security incident. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.3.12.C.01. NZISM_v3.7_7.3.12.C.01. NZISM v3.7 7.3.12.C.01. 7.3.12.C.01. - ensure that agencies promptly request assistance from the NCSC upon detecting an information security incident. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.5.C.01. NZISM_v3.7_7.3.5.C.01. NZISM v3.7 7.3.5.C.01. 7.3.5.C.01. - establish clear accountability and effective incident response protocols. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.3.5.C.01. NZISM_v3.7_7.3.5.C.01. NZISM v3.7 7.3.5.C.01. 7.3.5.C.01. - establish clear accountability and effective incident response protocols. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_v3.7 7.3.6.C.01. NZISM_v3.7_7.3.6.C.01. NZISM v3.7 7.3.6.C.01. 7.3.6.C.01. - enhance incident management and oversight. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.6.C.02. NZISM_v3.7_7.3.6.C.02. NZISM v3.7 7.3.6.C.02. 7.3.6.C.02. - promote continuous improvement and informed decision-making. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZISM_v3.7 7.3.6.C.02. NZISM_v3.7_7.3.6.C.02. NZISM v3.7 7.3.6.C.02. 7.3.6.C.02. - promote continuous improvement and informed decision-making. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.7.C.01. NZISM_v3.7_7.3.7.C.01. NZISM v3.7 7.3.7.C.01. 7.3.7.C.01. - mitigate the risk of data breaches and ensure data protection. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.7.C.02. NZISM_v3.7_7.3.7.C.02. NZISM v3.7 7.3.7.C.02. 7.3.7.C.02. - ensure a proactive and robust response to data spills. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.7.C.03. NZISM_v3.7_7.3.7.C.03. NZISM v3.7 7.3.7.C.03. 7.3.7.C.03. - establish clear and standardized procedures for incident response. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.7.C.04. NZISM_v3.7_7.3.7.C.04. NZISM v3.7 7.3.7.C.04. 7.3.7.C.04. - ensure comprehensive incident response planning. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.7.C.05. NZISM_v3.7_7.3.7.C.05. NZISM v3.7 7.3.7.C.05. 7.3.7.C.05. - ensure consistent and effective response to data spills. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.7.C.06. NZISM_v3.7_7.3.7.C.06. NZISM v3.7 7.3.7.C.06. 7.3.7.C.06. - uphold accountability and transparency. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_v3.7 7.3.8.C.01. NZISM_v3.7_7.3.8.C.01. NZISM v3.7 7.3.8.C.01. 7.3.8.C.01. - ensure compliance with security protocols and minimise potential breaches." NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration NZISM_v3.7 9.1.4.C.01. NZISM_v3.7_9.1.4.C.01. NZISM v3.7 9.1.4.C.01. 9.1.4.C.01. - enhance the capability to safeguard sensitive information and mitigate security risks effectively. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZISM_v3.7 9.1.4.C.01. NZISM_v3.7_9.1.4.C.01. NZISM v3.7 9.1.4.C.01. 9.1.4.C.01. - enhance the capability to safeguard sensitive information and mitigate security risks effectively. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center NZISM_v3.7 9.1.4.C.01. NZISM_v3.7_9.1.4.C.01. NZISM v3.7 9.1.4.C.01. 9.1.4.C.01. - enhance the capability to safeguard sensitive information and mitigate security risks effectively. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.4.C.01. NZISM_v3.7_9.1.4.C.01. NZISM v3.7 9.1.4.C.01. 9.1.4.C.01. - enhance the capability to safeguard sensitive information and mitigate security risks effectively. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.5.C.01. NZISM_v3.7_9.1.5.C.01. NZISM v3.7 9.1.5.C.01. 9.1.5.C.01. - enhance the understanding and adherence to information security policies and procedures, thereby mitigating risks and ensuring compliance with regulations. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.5.C.02. NZISM_v3.7_9.1.5.C.02. NZISM v3.7 9.1.5.C.02. 9.1.5.C.02. - foster a culture of security awareness and compliance. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.6.C.01. NZISM_v3.7_9.1.6.C.01. NZISM v3.7 9.1.6.C.01. 9.1.6.C.01. - enhance the ability to effectively safeguard information assets and mitigate security risks. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.6.C.02. NZISM_v3.7_9.1.6.C.02. NZISM v3.7 9.1.6.C.02. 9.1.6.C.02. - ensure that information security awareness and training programs encompass comprehensive coverage of key topics. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.6.C.03. NZISM_v3.7_9.1.6.C.03. NZISM v3.7 9.1.6.C.03. 9.1.6.C.03. - promote adherence to security protocols and minimise the risk of security breaches or compromises. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.7.C.01. NZISM_v3.7_9.1.7.C.01. NZISM v3.7 9.1.7.C.01. 9.1.7.C.01. - maintain a secure operating environment. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.1.8.C.01. NZISM_v3.7_9.1.8.C.01. NZISM v3.7 9.1.8.C.01. 9.1.8.C.01. - maintain confidentiality and integrity of agency assets. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration NZISM_v3.7 9.3.4.C.01. NZISM_v3.7_9.3.4.C.01. NZISM v3.7 9.3.4.C.01. 9.3.4.C.01. - safeguard agency systems and data from unauthorized access or compromise. NZISM v3.7 (4476df0a-18ab-4bfe-b6ad-cccae1cf320f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
345fa903-145c-4fe1-8bcd-93ec2adccde8 Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2514263b-bc0d-4b06-ac3e-f262c0979018 [Preview]: Immutability must be enabled for backup vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8015d6ed-3641-4534-8d0b-5c67b67ff7de [Preview]: Configure Recovery Services vaults to use private endpoints for backup Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4d479a11-f2b5-4f0a-bb1e-d2332aa95cda [Preview]: Disable Cross Subscription Restore for Backup Vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9798d31d-6028-4dee-8643-46102185c016 [Preview]: Soft delete should be enabled for Backup Vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6f6f560-14b7-49a4-9fc8-d2c3a9807868 [Preview]: Immutability must be enabled for Recovery Services vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af783da1-4ad1-42be-800d-d19c70038820 [Preview]: Configure Recovery Services vaults to use private DNS zones for backup Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2514263b-bc0d-4b06-ac3e-f262c0979018 [Preview]: Immutability must be enabled for backup vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
958dbd4e-0e20-4385-a082-d3f20c2a6ad8 [Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
615b01c4-d565-4f6f-8c6e-d130268e3a1a [Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6f6f560-14b7-49a4-9fc8-d2c3a9807868 [Preview]: Immutability must be enabled for Recovery Services vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af783da1-4ad1-42be-800d-d19c70038820 [Preview]: Configure Recovery Services vaults to use private DNS zones for backup Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9798d31d-6028-4dee-8643-46102185c016 [Preview]: Soft delete should be enabled for Backup Vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8015d6ed-3641-4534-8d0b-5c67b67ff7de [Preview]: Configure Recovery Services vaults to use private endpoints for backup Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4d479a11-f2b5-4f0a-bb1e-d2332aa95cda [Preview]: Disable Cross Subscription Restore for Backup Vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
345fa903-145c-4fe1-8bcd-93ec2adccde8 Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83644c87-93dd-49fe-bf9f-6aff8fd0834e Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09a1f130-7697-42bc-8d84-8a9ea17e5192 Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03752212-103c-4ab8-a306-7e813022ca9d Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b78f5e-4877-4303-b0f4-eb6583f25768 Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a Microsoft Managed Control 1223 - Information System Component Inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1142b015-2bd7-41e0-8645-a531afe09a1e [Preview]: Configure Linux VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fb39e62f-6bda-4558-8088-ec03d5670914 Microsoft Managed Control 1222 - Information System Component Inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef9fe2ce-a588-4edd-829c-6247069dcfdb Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a2119c1-f068-4bfe-9f03-db94317e8db9 Microsoft Managed Control 1855 - Inventory of Personally Identifiable Information Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bef2d677-e829-492d-9a3d-f5a20fda818f Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b73e81f3-6303-48ad-9822-b69fc00c15ef [Preview]: Configure Linux VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6faa975-0add-4f35-8d1c-70bba45c4424 Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ad1eeff9-20d7-4c82-a04e-903acab0bfc1 Configure Windows VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a7acfae7-9497-4a3f-a3b5-a16a50abbe2f Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09a1f130-7697-42bc-8d84-8a9ea17e5187 Configure Linux Arc-enabled machines to to install AMA for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c158eb1c-ae7e-4081-8057-d527140c4e0c Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8fd85785-1547-4a4a-bf90-d5483c9571c5 [Preview]: Configure Windows VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d096fe0-f510-4486-8b4d-d17dc230980b Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
74520428-3aa8-449c-938d-93f51940759e Microsoft Managed Control 1739 - Information System Inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56d0ed2b-60fc-44bf-af81-a78c851b5fe1 Configure Linux VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4485d24b-a9d3-4206-b691-1fad83bc5007 [Preview]: Configure Windows VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39c54140-5902-4079-8bb5-ad31936fe764 Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28cfa30b-7f72-47ce-ba3b-eed26c8d2c82 Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
952a545c-6dc5-4999-aeb6-51ed27dc7ea5 Microsoft Managed Control 1854 - Inventory of Personally Identifiable Information Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8d492c-dd7a-46f7-a723-fa66a425b87c Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c322315-e26d-4174-a99e-f49d351b4688 Table Storage should use customer-managed key for encryption Storage op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
90b60a09-133d-45bc-86ef-b206a6134bbe Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2cdf6b8-9505-4619-b579-309ba72037ac Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a7211477-c970-446b-b4af-062f37461147 Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbd0baf-ff1a-4447-a86f-088a97347c0c Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
587c79fe-dd04-4a5e-9d0b-f89598c7261b Keys should be backed by a hardware security module (HSM) Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d478a74-21ba-4b9f-9d8f-8e6fced0eec5 [Preview]: Azure Key Vault Managed HSM keys should have an expiration date Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6747bf9-2b97-45b8-b162-3c8becb9937d Microsoft Managed Control 1419 - Remote Maintenance | Cryptographic Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d39d4f68-7346-4133-8841-15318a714a24 Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f0e5abd0-2554-4736-b7c0-4ffef23475ef Queue Storage should use customer-managed key for encryption Storage op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f86aa129-7c07-4aa4-bbf5-792d93ffd9ea Microsoft Managed Control 1345 - Cryptographic Module Authentication Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7d66d05-bf34-4555-b5f2-8b749def4098 Microsoft Managed Control 1837 - Data Retention And Disposal | System Configuration Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12a4a4dd-6c65-4900-9d7e-63fed5da791e Microsoft Managed Control 1834 - Data Retention And Disposal Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56a838e0-0a5d-49a8-ab74-bf6be81b32f5 Microsoft Managed Control 1835 - Data Retention And Disposal Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bef3414-50bc-4fc0-b3db-372bb8fe0796 Microsoft Managed Control 1836 - Data Retention And Disposal Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
22589a07-0007-486a-86ca-95355081ae2a Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d87c70b-5012-48e9-994b-e70dd4b8def0 Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dced7ab-9ce5-4137-93aa-14c13e06ab17 Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
129eb39f-d79a-4503-84cd-92f036b5e429 Microsoft Managed Control 1240 - User-Installed Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2a39ac75-622b-4c88-9a3f-45b7373f7ef7 Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
44e543aa-41db-42aa-98eb-8a5eb1db53f0 Microsoft Managed Control 1712 - Software & Information Integrity Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0be51298-f643-4556-88af-d7db90794879 Microsoft Managed Control 1239 - User-Installed Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ba3ed84-c768-4e18-b87c-34ef1aff1b57 Microsoft Managed Control 1236 - Software Usage Restrictions Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1 Microsoft Managed Control 1238 - User-Installed Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c40f31a7-81e1-4130-99e5-a02ceea2a1d6 Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b293f881-361c-47ed-b997-bc4e2296bc0b Microsoft Managed Control 1234 - Software Usage Restrictions Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c49c610b-ece4-44b3-988c-2172b70d6e46 Microsoft Managed Control 1235 - Software Usage Restrictions Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd469ae0-71a8-4adc-aafc-de6949ca3339 Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e12494fa-b81e-4080-af71-7dbacc2da0ec Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e54c325e-42a0-4dcf-b105-046e0f6f590f Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eca4d7b2-65e2-4e04-95d4-c68606b063c3 Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e80b6812-0bfa-4383-8223-cdd86a46a890 Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83644c87-93dd-49fe-bf9f-6aff8fd0834e Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c40f31a7-81e1-4130-99e5-a02ceea2a1d6 Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c49c610b-ece4-44b3-988c-2172b70d6e46 Microsoft Managed Control 1235 - Software Usage Restrictions Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd469ae0-71a8-4adc-aafc-de6949ca3339 Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b293f881-361c-47ed-b997-bc4e2296bc0b Microsoft Managed Control 1234 - Software Usage Restrictions Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12a4a4dd-6c65-4900-9d7e-63fed5da791e Microsoft Managed Control 1834 - Data Retention And Disposal Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56a838e0-0a5d-49a8-ab74-bf6be81b32f5 Microsoft Managed Control 1835 - Data Retention And Disposal Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bef3414-50bc-4fc0-b3db-372bb8fe0796 Microsoft Managed Control 1836 - Data Retention And Disposal Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7d66d05-bf34-4555-b5f2-8b749def4098 Microsoft Managed Control 1837 - Data Retention And Disposal | System Configuration Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0be51298-f643-4556-88af-d7db90794879 Microsoft Managed Control 1239 - User-Installed Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d87c70b-5012-48e9-994b-e70dd4b8def0 Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dced7ab-9ce5-4137-93aa-14c13e06ab17 Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
129eb39f-d79a-4503-84cd-92f036b5e429 Microsoft Managed Control 1240 - User-Installed Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
22589a07-0007-486a-86ca-95355081ae2a Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2a39ac75-622b-4c88-9a3f-45b7373f7ef7 Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
44e543aa-41db-42aa-98eb-8a5eb1db53f0 Microsoft Managed Control 1712 - Software & Information Integrity Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ba3ed84-c768-4e18-b87c-34ef1aff1b57 Microsoft Managed Control 1236 - Software Usage Restrictions Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1 Microsoft Managed Control 1238 - User-Installed Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e80b6812-0bfa-4383-8223-cdd86a46a890 Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eca4d7b2-65e2-4e04-95d4-c68606b063c3 Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e54c325e-42a0-4dcf-b105-046e0f6f590f Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
345fa903-145c-4fe1-8bcd-93ec2adccde8 Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e12494fa-b81e-4080-af71-7dbacc2da0ec Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Configure Azure Defender for App Service to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65503269-6a54-4553-8a28-0065a8e6d929 Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
64def556-fbad-4622-930e-72d1d5589bf5 Configure Azure Kubernetes Service clusters to enable Defender profile Kubernetes op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
63d03cbd-47fd-4ee1-8a1c-9ddf07303de0 Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50ea7265-7d8c-429e-9a7d-ca1f410191c3 Configure Azure Defender for SQL servers on machines to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
44433aa3-7ec2-4002-93ea-65c65ff0310a Configure Azure Defender for open-source relational databases to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
242300d6-1bfc-4d64-8d01-cee583709ebd Configure the Microsoft Defender for SQL Log Analytics workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2227e1f1-23dd-4c3a-85a9-7024a401d8b2 Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f725891-01c0-420a-9059-4fa46cb770b7 Configure Microsoft Defender for Key Vault plan Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17bc14a7-92e1-4551-8b8c-80f36953e166 Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04754ef9-9ae3-4477-bf17-86ef50026304 Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day Guest Configuration op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Configure Azure Defender for servers to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ac076320-ddcf-4066-b451-6154267e8ad2 Enable Microsoft Defender for Cloud on your subscription Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af9f6c70-eb74-4189-8d15-e4f11a7ebfd4 Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection Guest Configuration op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bf5b87-728b-4a74-ba4d-6123845cf542 Configure Microsoft Defender for Azure Cosmos DB to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Configure Azure Defender for Resource Manager to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b99b73e7-074b-4089-9395-b7236f094491 Configure Azure Defender for Azure SQL database to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd Configure Azure Defender to be enabled on SQL managed instances SQL op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c859b78a-a128-4376-a838-e97ce6625d16 Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c9ddb292-b203-4738-aead-18e2716e858f Configure Microsoft Defender for Containers to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbdd12e1-193a-445c-9926-560118c6daaa Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL DCR Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cfdc5972-75b3-4418-8ae1-7f5c36839390 Configure Microsoft Defender for Storage to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da0fd392-9669-4ad4-b32c-ca46aaa6c21f Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
951c1558-50a5-4ca3-abb6-a93e3e2367a6 Configure Microsoft Defender for SQL to be enabled on Synapse workspaces Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
689f7782-ef2c-4270-a6d0-7664869076bd Configure Microsoft Defender CSPM to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4213689-05e8-4241-9d4e-8dd1cdafd105 Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5368258-9684-4567-8126-269f34e65eab Microsoft Managed Control 1381 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
effbaeef-5bf4-400d-895e-ef8cbc0e64c7 Microsoft Managed Control 1358 - Incident Response Testing Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fb845c34-808d-4c17-a0ce-85a530e9164b Microsoft Managed Control 1857 - Privacy Incident Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd6ac1a1-660e-4810-baa8-74e868e2ed47 Microsoft Managed Control 1391 - Information Spillage Response | Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d4558451-e16a-4d2d-a066-fe12a6282bb9 Microsoft Managed Control 1383 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3007185-3857-43a9-8237-06ca94f1084c Microsoft Managed Control 1387 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3b65b63-09ec-4cb5-8028-7dd324d10eb0 Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c39e6fda-ae70-4891-a739-be7bba6d1062 Microsoft Managed Control 1389 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8829f8f5-e8be-441e-85c9-85b72a5d0ef3 Microsoft Managed Control 1356 - Incident Response Training | Simulated Events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
90e01f69-3074-4de8-ade7-0fef3e7d83e0 Microsoft Managed Control 1355 - Incident Response Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
924e1b2d-c502-478f-bfdb-a7e09a0d5c01 Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9442dd2c-a07f-46cd-b55a-553b66ba47ca Microsoft Managed Control 1379 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9447f354-2c85-4700-93b3-ecdc6cb6a417 Microsoft Managed Control 1371 - Incident Reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97fceb70-6983-42d0-9331-18ad8253184d Microsoft Managed Control 1378 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fd92c17-163a-4511-bb96-bbb476449796 Microsoft Managed Control 1354 - Incident Response Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4319b7e-ea8d-42ff-8a67-ccd462972827 Microsoft Managed Control 1380 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c785ad59-f78f-44ad-9a7f-d1202318c748 Microsoft Managed Control 1353 - Incident Response Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cc5c8616-52ef-4e5e-8000-491634ed9249 Microsoft Managed Control 1374 - Incident Response Assistance Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be5b05e7-0b82-4ebc-9eda-25e447b1a41e Microsoft Managed Control 1360 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bcfb6683-05e5-4ce6-9723-c3fbe9896bdd Microsoft Managed Control 1351 - Incident Response Policy And Procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
86dc819f-15e1-43f9-a271-41ae58d4cecc Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
841392b3-40da-4473-b328-4cde49db67b3 Microsoft Managed Control 1382 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79fbc228-461c-4a45-9004-a865ca0728a7 Microsoft Managed Control 1384 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06c45c30-ae44-4f0f-82be-41331da911cc Microsoft Managed Control 1366 - Incident Handling | Information Correlation Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05a32666-d134-4842-a8cb-5c299f4bc099 Microsoft Managed Control 1728 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00379355-8932-4b52-b63a-3bc6daf3451a Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
18cc35ed-a429-486d-8d59-cb47e87304ed Microsoft Managed Control 1369 - Incident Monitoring Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25b96717-c912-4c00-9143-4e487f411726 Microsoft Managed Control 1372 - Incident Reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d5600ed-575a-4723-9ff4-52d694be0a59 Microsoft Managed Control 1856 - Privacy Incident Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
731856d8-1598-4b75-92de-7d46235747c0 Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68434bd1-e14b-4031-9edb-a4adf5f84a67 Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d169442-d6ef-439b-8dca-46c2c3248214 Microsoft Managed Control 1362 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518cb545-bfa8-43f8-a108-3b7d5037469a Microsoft Managed Control 1352 - Incident Response Policy And Procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5120193e-91fd-4f9d-bc6d-194f94734065 Microsoft Managed Control 1386 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4cca950f-c3b7-492a-8e8f-ea39663c14f9 Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c7c575a-d4c5-4f6f-bd49-dee97a8cba55 Microsoft Managed Control 1388 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c615c2a-dc83-4dda-8220-abce7b50c9bc Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
47bc7ea0-7d13-4f7c-a154-b903f7194253 Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
465f32da-0ace-4603-8d1b-7be5a3a702de Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
435b2547-6374-4f87-b42d-6e8dbe6ae62a Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4116891d-72f7-46ee-911c-8056cc8dcbd5 Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3e495e65-8663-49ca-9b38-9f45e800bc58 Microsoft Managed Control 1385 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
493a95f3-f2e3-47d0-af02-65e6d6decc2f Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03ed3be1-7276-4452-9a5d-e4168565ac67 Microsoft Managed Control 1361 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea3e8156-89a1-45b1-8bd6-938abc79fdfd Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
529ea018-6afc-4ed4-95bd-7c9ee47b00bc Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher Synapse op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Publish access procedures in SORNs Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d639b3af-a535-4bef-8dcf-15078cddf5e2 App Service app slots should have resource logs enabled App Service op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9f1f9a9-8795-49f9-9e7b-e11db14caeb2 Azure SignalR Service should enable diagnostic logs SignalR op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee8a7be2-e9b5-47b9-9d37-d9b141ea78a4 Azure Web PubSub Service should enable diagnostic logs Web PubSub op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.ext.3 Protection of supply chain op.ext.3 Protection of supply chain 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b73b7b3b-677c-4a2a-b949-ad4dc4acd89f Microsoft Managed Control 1608 - Supply Chain Protection Regulatory Compliance op.ext.3 Protection of supply chain op.ext.3 Protection of supply chain 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3e4fa5d-c0c4-46c4-9a13-bb9b9f0b003f Microsoft Managed Control 1865 - System of Records Notices And Privacy Act Statements | Public Website Publication Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66632c7c-d0b3-4945-a8ae-e5c62cbea386 Microsoft Managed Control 1829 - Data Integrity And Data Integrity Board | Publish Agreements on Website Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41256567-1795-4684-b00b-a1308ce43cac Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2567a23-d1c3-4783-99f3-d471302a4d6b Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13fcf812-ec82-4eda-9b89-498de9efd620 Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance op.mon.2 Metrics system op.mon.2 Metrics system 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance op.mon.2 Metrics system op.mon.2 Metrics system 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.mon.2 Metrics system op.mon.2 Metrics system 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bf5b87-728b-4a74-ba4d-6123845cf542 Configure Microsoft Defender for Azure Cosmos DB to be enabled Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0c11ca4-5828-4384-a2f2-fd7444dd5b4d Cloud Services (extended support) role instances should be configured securely Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
15fdbc87-8a47-4ee9-a2aa-9a2ea1f37554 Log Analytics agent should be installed on your Cloud Services (extended support) role instances Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4df26ba8-026d-45b0-9521-bffa44d741d2 Cloud Services (extended support) role instances should have system updates installed Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6e40d9de-2ad4-4cb5-8945-23143326a502 Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bfe6405-805c-4c9b-a9d3-f209237bb95d Microsoft Managed Control 1802 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6b04f815-52d7-4ff6-94bf-a4f22c07d5ae Microsoft Managed Control 1809 - Privacy Impact And Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
689f7782-ef2c-4270-a6d0-7664869076bd Configure Microsoft Defender CSPM to be enabled Security Center op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66a56404-7b65-4e33-b371-28d069172dd4 Microsoft Managed Control 1743 - Risk Management Strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b61f773-2042-46a8-b489-106d850d6d4e Microsoft Managed Control 1814 - Privacy Awareness And Training Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58f477bf-287b-43ef-ab49-dffde92130a0 Microsoft Managed Control 1816 - Privacy Reporting Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55419419-c597-4cd4-b51e-009fd2266783 Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5352e3e0-e63a-452e-9e5f-9c1d181cff9c Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f34f554-da4b-4786-8d66-7915c90893da Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4d1d4ce2-71ea-4578-bbb4-fe76215d45ac Microsoft Managed Control 1811 - Privacy Requirements for Contractors And Service Providers Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b0d8d1d-7800-4b62-b4bf-6eecde12b2af Microsoft Managed Control 1813 - Privacy Awareness And Training Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ced7c9-cd53-456b-b0da-2522649a4271 Microsoft Managed Control 1544 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3f4b171a-a56b-4328-8112-32cf7f947ee1 Microsoft Managed Control 1545 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a02bf7a-8fb7-4c97-bd55-4a8592764cc8 Microsoft Managed Control 1840 - Minimization of PII Used in Testing, Training, And Research | Risk Minimization Techniques Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afb38a3-5e1c-4339-9ab4-df6a3dfc7da2 Microsoft Managed Control 1804 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
106618ad-fe3e-49b4-bfef-01009f6770d8 Microsoft Managed Control 1820 - Accounting of Disclosures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9834600a-668a-482c-9310-a89861b29e06 Microsoft Managed Control 1805 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
956b00aa-7977-4214-a0f5-e0428c1f9bff Microsoft Managed Control 1806 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
86ec7f9b-9478-40ff-8cfd-6a0d510081a8 Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d7658b2-e827-49c3-a2ae-6d2bd0b45874 Microsoft Managed Control 1538 - Security Categorization Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
31b752c1-05a9-432a-8fce-c39b56550119 Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6 Microsoft Managed Control 1807 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70f6af82-7be6-44aa-9b15-8b9231b2e434 Microsoft Managed Control 1541 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20ea0798-d19e-4925-afd0-53d583815818 Microsoft Managed Control 1815 - Privacy Awareness And Training Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
395736bb-aa8b-45f0-b9cc-06af26b2b1d4 Microsoft Managed Control 1810 - Privacy Requirements for Contractors And Service Providers Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07458826-9325-4481-abaf-bc9ed043459d Microsoft Managed Control 1744 - Risk Management Strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd6120c1-d069-416d-9753-fbe84bca4b01 Microsoft Managed Control 1808 - Privacy Impact And Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6c43097-8552-4279-8b38-7dcabff781d3 Microsoft Managed Control 1819 - Accounting of Disclosures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf296b8c-f391-4ea4-9198-be3c9d39dd1f Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b19454ca-0d70-42c0-acf5-ea1c1e5726d1 Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aabb155f-e7a5-4896-a767-e918bfae2ee0 Microsoft Managed Control 1539 - Security Categorization Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d39620a4-95c6-4d4f-8aa4-83c0c6a2c640 Microsoft Managed Control 1818 - Accounting of Disclosures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a36eb487-cbd1-4fe7-a3df-2efc6aa2c2b6 Microsoft Managed Control 1745 - Risk Management Strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eab340d0-3d55-4826-a0e5-feebfeb0131d Microsoft Managed Control 1542 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d2fc426a-4b67-464b-87c9-2134b8762ddf Microsoft Managed Control 1817 - Privacy-Enhanced System Design And Development Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f7161f06-5260-4f0f-aeae-4bbfb8612a10 Microsoft Managed Control 1812 - Privacy Monitoring And Auditing Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f771f8cb-6642-45cc-9a15-8a41cd5c6977 Microsoft Managed Control 1540 - Security Categorization Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fd00b778-b5b5-49c0-a994-734ea7bd3624 Microsoft Managed Control 1543 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3739612-c86c-4b2e-bbe6-0d0869aec19c Microsoft Managed Control 1803 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
813a10a7-3943-4fe3-8678-00dc52db5490 Microsoft Managed Control 1505 - Information Security Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8154e3b3-cc52-40be-9407-7756581d71f6 Microsoft Managed Control 1614 - Developer Security Architecture And Design Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2ad78b-8748-4bff-a924-f74dfca93f30 Microsoft Managed Control 1613 - Developer Security Architecture And Design Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35a4102f-a778-4a2e-98c2-971056288df8 Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9870806c-153f-4fa5-aafa-c5f5eeb72292 Microsoft Managed Control 1741 - Enterprise Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e7c35d0-12d4-4e0c-80a2-8a352537aefd Microsoft Managed Control 1504 - Information Security Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2037b3d-8b04-4171-8610-e6d4f1d08db5 Microsoft Managed Control 1612 - Developer Security Architecture And Design Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c1fa9c2f-d439-4ab9-8b83-81fb1934f81d Microsoft Managed Control 1503 - Information Security Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
562afd61-56be-4313-8fe4-b9564aa4ba7d Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6182bfa7-0f2a-43f5-834a-a2ddf31c13c7 Microsoft Managed Control 1110 - Audit Storage Capacity Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_V3.2.1 1.3.2 PCI_DSS_v3.2.1_1.3.2 PCI DSS v3.2.1 1.3.2 PCI DSS requirement 1.3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_V3.2.1 1.3.2 PCI_DSS_v3.2.1_1.3.2 PCI DSS v3.2.1 1.3.2 PCI DSS requirement 1.3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_V3.2.1 1.3.4 PCI_DSS_v3.2.1_1.3.4 PCI DSS v3.2.1 1.3.4 PCI DSS requirement 1.3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_V3.2.1 1.3.4 PCI_DSS_v3.2.1_1.3.4 PCI DSS v3.2.1 1.3.4 PCI DSS requirement 1.3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_V3.2.1 7.1.1 PCI_DSS_v3.2.1_7.1.1 PCI DSS v3.2.1 7.1.1 PCI DSS requirement 7.1.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_V3.2.1 7.1.1 PCI_DSS_v3.2.1_7.1.1 PCI DSS v3.2.1 7.1.1 PCI DSS requirement 7.1.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_V3.2.1 7.1.2 PCI_DSS_v3.2.1_7.1.2 PCI DSS v3.2.1 7.1.2 PCI DSS requirement 7.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_V3.2.1 7.1.2 PCI_DSS_v3.2.1_7.1.2 PCI DSS v3.2.1 7.1.2 PCI DSS requirement 7.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_V3.2.1 7.1.3 PCI_DSS_v3.2.1_7.1.3 PCI DSS v3.2.1 7.1.3 PCI DSS requirement 7.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_V3.2.1 7.1.3 PCI_DSS_v3.2.1_7.1.3 PCI DSS v3.2.1 7.1.3 PCI DSS requirement 7.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.3 PCI_DSS_v3.2.1_8.1.3 PCI DSS v3.2.1 8.1.3 PCI DSS requirement 8.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.3 PCI_DSS_v3.2.1_8.1.3 PCI DSS v3.2.1 8.1.3 PCI DSS requirement 8.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 1.2.1 PCI_DSS_v4.0.1_1.2.1 PCI DSS v4.0.1 1.2.1 Configuration standards for NSC rulesets are defined, implemented, and maintained PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service PCI_DSS_v4.0.1 1.2.5 PCI_DSS_v4.0.1_1.2.5 PCI DSS v4.0.1 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 1.2.7 PCI_DSS_v4.0.1_1.2.7 PCI DSS v4.0.1 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB PCI_DSS_v4.0.1 1.3.1 PCI_DSS_v4.0.1_1.3.1 PCI DSS v4.0.1 1.3.1 Inbound traffic to the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL PCI_DSS_v4.0.1 1.3.1 PCI_DSS_v4.0.1_1.3.1 PCI DSS v4.0.1 1.3.1 Inbound traffic to the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0.1 1.3.1 PCI_DSS_v4.0.1_1.3.1 PCI DSS v4.0.1 1.3.1 Inbound traffic to the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 1.3.1 PCI_DSS_v4.0.1_1.3.1 PCI DSS v4.0.1 1.3.1 Inbound traffic to the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0.1 1.3.2 PCI_DSS_v4.0.1_1.3.2 PCI DSS v4.0.1 1.3.2 Outbound traffic from the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB PCI_DSS_v4.0.1 1.3.2 PCI_DSS_v4.0.1_1.3.2 PCI DSS v4.0.1 1.3.2 Outbound traffic from the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL PCI_DSS_v4.0.1 1.3.2 PCI_DSS_v4.0.1_1.3.2 PCI DSS v4.0.1 1.3.2 Outbound traffic from the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 1.3.2 PCI_DSS_v4.0.1_1.3.2 PCI DSS v4.0.1 1.3.2 Outbound traffic from the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 1.4.1 PCI_DSS_v4.0.1_1.4.1 PCI DSS v4.0.1 1.4.1 NSCs are implemented between trusted and untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes PCI_DSS_v4.0.1 1.4.1 PCI_DSS_v4.0.1_1.4.1 PCI DSS v4.0.1 1.4.1 NSCs are implemented between trusted and untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL PCI_DSS_v4.0.1 1.4.2 PCI_DSS_v4.0.1_1.4.2 PCI DSS v4.0.1 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted to communications with system components that are authorized to provide publicly accessible services, protocols, and ports, stateful responses to communications initiated by system components in a trusted network, and all other traffic is denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0.1 1.4.2 PCI_DSS_v4.0.1_1.4.2 PCI DSS v4.0.1 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted to communications with system components that are authorized to provide publicly accessible services, protocols, and ports, stateful responses to communications initiated by system components in a trusted network, and all other traffic is denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 1.4.2 PCI_DSS_v4.0.1_1.4.2 PCI DSS v4.0.1 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted to communications with system components that are authorized to provide publicly accessible services, protocols, and ports, stateful responses to communications initiated by system components in a trusted network, and all other traffic is denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB PCI_DSS_v4.0.1 1.4.2 PCI_DSS_v4.0.1_1.4.2 PCI DSS v4.0.1 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted to communications with system components that are authorized to provide publicly accessible services, protocols, and ports, stateful responses to communications initiated by system components in a trusted network, and all other traffic is denied PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 1.4.4 PCI_DSS_v4.0.1_1.4.4 PCI DSS v4.0.1 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration PCI_DSS_v4.0.1 10.2.1 PCI_DSS_v4.0.1_10.2.1 PCI DSS v4.0.1 10.2.1 Activation of Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.2.1.2 PCI_DSS_v4.0.1_10.2.1.2 PCI DSS v4.0.1 10.2.1.2 Administrative Actions Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring PCI_DSS_v4.0.1 10.2.1.5 PCI_DSS_v4.0.1_10.2.1.5 PCI DSS v4.0.1 10.2.1.5 Credential Changes Audit Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.2.1.5 PCI_DSS_v4.0.1_10.2.1.5 PCI DSS v4.0.1 10.2.1.5 Credential Changes Audit Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.2.1.5 PCI_DSS_v4.0.1_10.2.1.5 PCI DSS v4.0.1 10.2.1.5 Credential Changes Audit Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration PCI_DSS_v4.0.1 10.2.1.5 PCI_DSS_v4.0.1_10.2.1.5 PCI DSS v4.0.1 10.2.1.5 Credential Changes Audit Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.2.1.5 PCI_DSS_v4.0.1_10.2.1.5 PCI DSS v4.0.1 10.2.1.5 Credential Changes Audit Logging PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network PCI_DSS_v4.0.1 10.2.2 PCI_DSS_v4.0.1_10.2.2 PCI DSS v4.0.1 10.2.2 Details for Auditable Events PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 10.3.1 PCI_DSS_v4.0.1_10.3.1 PCI DSS v4.0.1 10.3.1 Restricted Access to Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 10.3.1 PCI_DSS_v4.0.1_10.3.1 PCI DSS v4.0.1 10.3.1 Restricted Access to Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 10.3.2 PCI_DSS_v4.0.1_10.3.2 PCI DSS v4.0.1 10.3.2 Protection of Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 10.3.2 PCI_DSS_v4.0.1_10.3.2 PCI DSS v4.0.1 10.3.2 Protection of Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 10.3.2 PCI_DSS_v4.0.1_10.3.2 PCI DSS v4.0.1 10.3.2 Protection of Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring PCI_DSS_v4.0.1 10.3.2 PCI_DSS_v4.0.1_10.3.2 PCI DSS v4.0.1 10.3.2 Protection of Audit Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring PCI_DSS_v4.0.1 10.3.4 PCI_DSS_v4.0.1_10.3.4 PCI DSS v4.0.1 10.3.4 Log Integrity Monitoring PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 10.4.1 PCI_DSS_v4.0.1_10.4.1 PCI DSS v4.0.1 10.4.1 Daily Audit Log Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 10.4.1.1 PCI_DSS_v4.0.1_10.4.1.1 PCI DSS v4.0.1 10.4.1.1 Automated Log Review Mechanisms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 10.4.2 PCI_DSS_v4.0.1_10.4.2 PCI DSS v4.0.1 10.4.2 Periodic Review of Other Logs PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Frequency of Log Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 10.4.3 PCI_DSS_v4.0.1_10.4.3 PCI DSS v4.0.1 10.4.3 Addressing Log Anomalies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.7.1 PCI_DSS_v4.0.1_10.7.1 PCI DSS v4.0.1 10.7.1 Detection and Addressing of Critical Failures PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 10.7.2 PCI_DSS_v4.0.1_10.7.2 PCI DSS v4.0.1 10.7.2 Addressing Security Control Failures PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 11.3.1 PCI_DSS_v4.0.1_11.3.1 PCI DSS v4.0.1 11.3.1 Internal Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 11.3.1.1 PCI_DSS_v4.0.1_11.3.1.1 PCI DSS v4.0.1 11.3.1.1 Management of Other Vulnerabilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes PCI_DSS_v4.0.1 11.3.1.2 PCI_DSS_v4.0.1_11.3.1.2 PCI DSS v4.0.1 11.3.1.2 Authenticated Vulnerability Scans PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 11.4.4 PCI_DSS_v4.0.1_11.4.4 PCI DSS v4.0.1 11.4.4 Addressing Penetration Testing Findings PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center PCI_DSS_v4.0.1 11.5.1 PCI_DSS_v4.0.1_11.5.1 PCI DSS v4.0.1 11.5.1 Intrusion Detection/Prevention PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 11.5.1.1 PCI_DSS_v4.0.1_11.5.1.1 PCI DSS v4.0.1 11.5.1.1 Covert Malware Detection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Change-Detection Mechanism Deployment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center PCI_DSS_v4.0.1 12.10.1 PCI_DSS_v4.0.1_12.10.1 PCI DSS v4.0.1 12.10.1 Incident Response Plan PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute PCI_DSS_v4.0.1 12.10.1 PCI_DSS_v4.0.1_12.10.1 PCI DSS v4.0.1 12.10.1 Incident Response Plan PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center PCI_DSS_v4.0.1 12.10.2 PCI_DSS_v4.0.1_12.10.2 PCI DSS v4.0.1 12.10.2 Incident Response Review PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center PCI_DSS_v4.0.1 12.10.3 PCI_DSS_v4.0.1_12.10.3 PCI DSS v4.0.1 12.10.3 24/7 Incident Response Personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 12.10.5 PCI_DSS_v4.0.1_12.10.5 PCI DSS v4.0.1 12.10.5 Monitoring and Alert Response PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault PCI_DSS_v4.0.1 12.10.7 PCI_DSS_v4.0.1_12.10.7 PCI DSS v4.0.1 12.10.7 Procedures for PAN Discovery PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring PCI_DSS_v4.0.1 12.2.1 PCI_DSS_v4.0.1_12.2.1 PCI DSS v4.0.1 12.2.1 Documented Acceptable Use Policies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 12.2.1 PCI_DSS_v4.0.1_12.2.1 PCI DSS v4.0.1 12.2.1 Documented Acceptable Use Policies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring PCI_DSS_v4.0.1 12.2.1 PCI_DSS_v4.0.1_12.2.1 PCI DSS v4.0.1 12.2.1 Documented Acceptable Use Policies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service PCI_DSS_v4.0.1 12.2.1 PCI_DSS_v4.0.1_12.2.1 PCI DSS v4.0.1 12.2.1 Documented Acceptable Use Policies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration PCI_DSS_v4.0.1 12.2.1 PCI_DSS_v4.0.1_12.2.1 PCI DSS v4.0.1 12.2.1 Documented Acceptable Use Policies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring PCI_DSS_v4.0.1 12.2.1 PCI_DSS_v4.0.1_12.2.1 PCI DSS v4.0.1 12.2.1 Documented Acceptable Use Policies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 12.4.1 PCI_DSS_v4.0.1_12.4.1 PCI DSS v4.0.1 12.4.1 Executive Management Responsibility for PCI DSS PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes PCI_DSS_v4.0.1 12.4.2 PCI_DSS_v4.0.1_12.4.2 PCI DSS v4.0.1 12.4.2 Quarterly Task Performance Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration PCI_DSS_v4.0.1 12.4.2 PCI_DSS_v4.0.1_12.4.2 PCI DSS v4.0.1 12.4.2 Quarterly Task Performance Reviews PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network PCI_DSS_v4.0.1 2.2.1 PCI_DSS_v4.0.1_2.2.1 PCI DSS v4.0.1 2.2.1 Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, be consistent with industry-accepted system hardening standards or vendor hardening recommendations, be updated as new vulnerability issues are identified, and be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service PCI_DSS_v4.0.1 2.2.2 PCI_DSS_v4.0.1_2.2.2 PCI DSS v4.0.1 2.2.2 Vendor default accounts are managed as follows: If the vendor default account(s) will be used, the default password is changed per Requirement 8.3.6. If the vendor default account(s) will not be used, the account is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 2.2.2 PCI_DSS_v4.0.1_2.2.2 PCI DSS v4.0.1 2.2.2 Vendor default accounts are managed as follows: If the vendor default account(s) will be used, the default password is changed per Requirement 8.3.6. If the vendor default account(s) will not be used, the account is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 2.2.2 PCI_DSS_v4.0.1_2.2.2 PCI DSS v4.0.1 2.2.2 Vendor default accounts are managed as follows: If the vendor default account(s) will be used, the default password is changed per Requirement 8.3.6. If the vendor default account(s) will not be used, the account is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL PCI_DSS_v4.0.1 2.2.2 PCI_DSS_v4.0.1_2.2.2 PCI DSS v4.0.1 2.2.2 Vendor default accounts are managed as follows: If the vendor default account(s) will be used, the default password is changed per Requirement 8.3.6. If the vendor default account(s) will not be used, the account is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center PCI_DSS_v4.0.1 2.2.4 PCI_DSS_v4.0.1_2.2.4 PCI DSS v4.0.1 2.2.4 Only necessary services, protocols, daemons, and functions are enabled, and all unnecessary functionality is removed or disabled PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service PCI_DSS_v4.0.1 2.3.1 PCI_DSS_v4.0.1_2.3.1 PCI DSS v4.0.1 2.3.1 For wireless environments connected to the CDE or transmitting account data, all wireless vendor defaults are changed at installation or are confirmed to be secure, including but not limited to: Default wireless encryption keys. Passwords on wireless access points. SNMP defaults. Any other security-related wireless vendor defaults PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 2.3.1 PCI_DSS_v4.0.1_2.3.1 PCI DSS v4.0.1 2.3.1 For wireless environments connected to the CDE or transmitting account data, all wireless vendor defaults are changed at installation or are confirmed to be secure, including but not limited to: Default wireless encryption keys. Passwords on wireless access points. SNMP defaults. Any other security-related wireless vendor defaults PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 2.3.1 PCI_DSS_v4.0.1_2.3.1 PCI DSS v4.0.1 2.3.1 For wireless environments connected to the CDE or transmitting account data, all wireless vendor defaults are changed at installation or are confirmed to be secure, including but not limited to: Default wireless encryption keys. Passwords on wireless access points. SNMP defaults. Any other security-related wireless vendor defaults PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL PCI_DSS_v4.0.1 2.3.1 PCI_DSS_v4.0.1_2.3.1 PCI DSS v4.0.1 2.3.1 For wireless environments connected to the CDE or transmitting account data, all wireless vendor defaults are changed at installation or are confirmed to be secure, including but not limited to: Default wireless encryption keys. Passwords on wireless access points. SNMP defaults. Any other security-related wireless vendor defaults PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 3.2.1 PCI_DSS_v4.0.1_3.2.1 PCI DSS v4.0.1 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes that include at least the following: coverage for all locations of stored account data, coverage for any sensitive authentication data (SAD) stored prior to completion of authorization, limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements, specific retention requirements for stored account data that defines length of retention period and includes a documented business justification, processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy, a process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service PCI_DSS_v4.0.1 3.2.1 PCI_DSS_v4.0.1_3.2.1 PCI DSS v4.0.1 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes that include at least the following: coverage for all locations of stored account data, coverage for any sensitive authentication data (SAD) stored prior to completion of authorization, limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements, specific retention requirements for stored account data that defines length of retention period and includes a documented business justification, processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy, a process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 3.2.1 PCI_DSS_v4.0.1_3.2.1 PCI DSS v4.0.1 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes that include at least the following: coverage for all locations of stored account data, coverage for any sensitive authentication data (SAD) stored prior to completion of authorization, limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements, specific retention requirements for stored account data that defines length of retention period and includes a documented business justification, processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy, a process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL PCI_DSS_v4.0.1 3.2.1 PCI_DSS_v4.0.1_3.2.1 PCI DSS v4.0.1 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes that include at least the following: coverage for all locations of stored account data, coverage for any sensitive authentication data (SAD) stored prior to completion of authorization, limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements, specific retention requirements for stored account data that defines length of retention period and includes a documented business justification, processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy, a process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration PCI_DSS_v4.0.1 3.3.2 PCI_DSS_v4.0.1_3.3.2 PCI DSS v4.0.1 3.3.2 SAD that is stored electronically prior to completion of authorization is encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service PCI_DSS_v4.0.1 3.3.2 PCI_DSS_v4.0.1_3.3.2 PCI DSS v4.0.1 3.3.2 SAD that is stored electronically prior to completion of authorization is encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 3.3.3 PCI_DSS_v4.0.1_3.3.3 PCI DSS v4.0.1 3.3.3 Additional requirement for issuers and companies that support issuing services and store sensitive authentication data: Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need and is secured. Encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 3.3.3 PCI_DSS_v4.0.1_3.3.3 PCI DSS v4.0.1 3.3.3 Additional requirement for issuers and companies that support issuing services and store sensitive authentication data: Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need and is secured. Encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL PCI_DSS_v4.0.1 3.3.3 PCI_DSS_v4.0.1_3.3.3 PCI DSS v4.0.1 3.3.3 Additional requirement for issuers and companies that support issuing services and store sensitive authentication data: Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need and is secured. Encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service PCI_DSS_v4.0.1 3.3.3 PCI_DSS_v4.0.1_3.3.3 PCI DSS v4.0.1 3.3.3 Additional requirement for issuers and companies that support issuing services and store sensitive authentication data: Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need and is secured. Encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration PCI_DSS_v4.0.1 3.3.3 PCI_DSS_v4.0.1_3.3.3 PCI DSS v4.0.1 3.3.3 Additional requirement for issuers and companies that support issuing services and store sensitive authentication data: Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need and is secured. Encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service PCI_DSS_v4.0.1 3.3.3 PCI_DSS_v4.0.1_3.3.3 PCI DSS v4.0.1 3.3.3 Additional requirement for issuers and companies that support issuing services and store sensitive authentication data: Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need and is secured. Encrypted using strong cryptography PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL PCI_DSS_v4.0.1 3.5.1.1 PCI_DSS_v4.0.1_3.5.1.1 PCI DSS v4.0.1 3.5.1.1 Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated key-management processes and procedures in accordance with Requirements 3.6 and 3.7 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.6.1 PCI_DSS_v4.0.1_3.6.1 PCI DSS v4.0.1 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse that include: access to keys is restricted to the fewest number of custodians necessary. Key-encrypting keys are at least as strong as the data-encrypting keys they protect. Key-encrypting keys are stored separately from data-encrypting keys. Keys are stored securely in the fewest possible locations and forms PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.6.1.1 PCI_DSS_v4.0.1_3.6.1.1 PCI DSS v4.0.1 3.6.1.1 Additional requirement for service providers only: A documented description of the cryptographic architecture is maintained that includes: details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date. Preventing the use of the same cryptographic keys in production and test environments. Description of the key usage for each key. Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, to support meeting Requirement 12.3.4 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.6.1.2 PCI_DSS_v4.0.1_3.6.1.2 PCI DSS v4.0.1 3.6.1.2 Secret and private keys used to protect stored account data are stored in one (or more) of the following forms at all times: encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key. Within a secure cryptographic device (SCD), such as a hardware security module (HSM) or PTS-approved point-of-interaction device. As at least two full-length key components or key shares, in accordance with an industry-accepted method PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.6.1.3 PCI_DSS_v4.0.1_3.6.1.3 PCI DSS v4.0.1 3.6.1.3 Access to cleartext cryptographic key components is restricted to the fewest number of custodians necessary PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.6.1.4 PCI_DSS_v4.0.1_3.6.1.4 PCI DSS v4.0.1 3.6.1.4 Cryptographic keys are stored in the fewest possible locations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.1 PCI_DSS_v4.0.1_3.7.1 PCI DSS v4.0.1 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.2 PCI_DSS_v4.0.1_3.7.2 PCI DSS v4.0.1 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.3 PCI_DSS_v4.0.1_3.7.3 PCI DSS v4.0.1 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.5 PCI_DSS_v4.0.1_3.7.5 PCI DSS v4.0.1 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data, as deemed necessary when: the key has reached the end of its defined cryptoperiod. The integrity of the key has been weakened, including when personnel with knowledge of a cleartext key component leaves the company, or the role for which the key component was known. The key is suspected of or known to be compromised. Retired or replaced keys are not used for encryption operations PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.6 PCI_DSS_v4.0.1_3.7.6 PCI DSS v4.0.1 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.7 PCI_DSS_v4.0.1_3.7.7 PCI DSS v4.0.1 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 3.7.8 PCI_DSS_v4.0.1_3.7.8 PCI DSS v4.0.1 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL PCI_DSS_v4.0.1 4.2.1 PCI_DSS_v4.0.1_4.2.1 PCI DSS v4.0.1 4.2.1 Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks: Only trusted keys and certificates are accepted. Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations. The encryption strength is appropriate for the encryption methodology in use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration PCI_DSS_v4.0.1 4.2.1.2 PCI_DSS_v4.0.1_4.2.1.2 PCI DSS v4.0.1 4.2.1.2 Wireless networks transmitting PAN or connected to the CDE use industry best practices to implement strong cryptography for authentication and transmission PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service PCI_DSS_v4.0.1 4.2.1.2 PCI_DSS_v4.0.1_4.2.1.2 PCI DSS v4.0.1 4.2.1.2 Wireless networks transmitting PAN or connected to the CDE use industry best practices to implement strong cryptography for authentication and transmission PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service PCI_DSS_v4.0.1 4.2.2 PCI_DSS_v4.0.1_4.2.2 PCI DSS v4.0.1 4.2.2 PAN is secured with strong cryptography whenever it is sent via end-user messaging technologies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration PCI_DSS_v4.0.1 4.2.2 PCI_DSS_v4.0.1_4.2.2 PCI DSS v4.0.1 4.2.2 PAN is secured with strong cryptography whenever it is sent via end-user messaging technologies PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 5.2.1 PCI_DSS_v4.0.1_5.2.1 PCI DSS v4.0.1 5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 5.2.2 PCI_DSS_v4.0.1_5.2.2 PCI DSS v4.0.1 5.2.2 The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes PCI_DSS_v4.0.1 5.2.3 PCI_DSS_v4.0.1_5.2.3 PCI DSS v4.0.1 5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 5.3.1 PCI_DSS_v4.0.1_5.3.1 PCI DSS v4.0.1 5.3.1 The anti-malware solution(s) is kept current via automatic updates PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 5.3.2 PCI_DSS_v4.0.1_5.3.2 PCI DSS v4.0.1 5.3.2 The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL PCI_DSS_v4.0.1 5.3.3 PCI_DSS_v4.0.1_5.3.3 PCI DSS v4.0.1 5.3.3 For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring PCI_DSS_v4.0.1 5.3.4 PCI_DSS_v4.0.1_5.3.4 PCI DSS v4.0.1 5.3.4 Audit logs for the anti-malware solution(s) are enabled and retained in accordance with Requirement 10.5.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL PCI_DSS_v4.0.1 6.3.1 PCI_DSS_v4.0.1_6.3.1 PCI DSS v4.0.1 6.3.1 Security vulnerabilities are identified and managed as follows: New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs). Vulnerabilities are assigned a risk ranking based on industry best practices and consideration of potential impact. Risk rankings identify, at a minimum, all vulnerabilities considered to be a high-risk or critical to the environment. Vulnerabilities for bespoke and custom, and third-party software (for example operating systems and databases) are covered PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL PCI_DSS_v4.0.1 6.3.1 PCI_DSS_v4.0.1_6.3.1 PCI DSS v4.0.1 6.3.1 Security vulnerabilities are identified and managed as follows: New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs). Vulnerabilities are assigned a risk ranking based on industry best practices and consideration of potential impact. Risk rankings identify, at a minimum, all vulnerabilities considered to be a high-risk or critical to the environment. Vulnerabilities for bespoke and custom, and third-party software (for example operating systems and databases) are covered PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse PCI_DSS_v4.0.1 6.3.3 PCI_DSS_v4.0.1_6.3.3 PCI DSS v4.0.1 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates as follows: Patches/updates for critical vulnerabilities (identified according to the risk ranking process at Requirement 6.3.1) are installed within one month of release. All other applicable security patches/updates are installed within an appropriate time frame as determined by the entity’s assessment of the criticality of the risk to the environment as identified according to the risk ranking process at Requirement 6.3.1 PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center PCI_DSS_v4.0.1 6.4.1 PCI_DSS_v4.0.1_6.4.1 PCI DSS v4.0.1 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows: Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows: At least once every 12 months and after significant changes. By an entity that specializes in application security. Including, at a minimum, all common software attacks in Requirement 6.2.4. All vulnerabilities are ranked in accordance with requirement 6.3.1. All vulnerabilities are corrected. The application is re-evaluated after the corrections. OR Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows: Installed in front of public-facing web applications to detect and prevent web-based attacks. Actively running and up to date as applicable. Generating audit logs. Configured to either block web-based attacks or generate an alert that is immediately investigated PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center PCI_DSS_v4.0.1 6.5.1 PCI_DSS_v4.0.1_6.5.1 PCI DSS v4.0.1 6.5.1 Changes to all system components in the production environment are made according to established procedures that include: Reason for, and description of, the change. Documentation of security impact. Documented change approval by authorized parties. Testing to verify that the change does not adversely impact system security. For bespoke and custom software changes, all updates are tested for compliance with Requirement 6.2.4 before being deployed into production. Procedures to address failures and return to a secure state PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center PCI_DSS_v4.0.1 6.5.1 PCI_DSS_v4.0.1_6.5.1 PCI DSS v4.0.1 6.5.1 Changes to all system components in the production environment are made according to established procedures that include: Reason for, and description of, the change. Documentation of security impact. Documented change approval by authorized parties. Testing to verify that the change does not adversely impact system security. For bespoke and custom software changes, all updates are tested for compliance with Requirement 6.2.4 before being deployed into production. Procedures to address failures and return to a secure state PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center PCI_DSS_v4.0.1 6.5.2 PCI_DSS_v4.0.1_6.5.2 PCI DSS v4.0.1 6.5.2 Upon completion of a significant change, all applicable PCI DSS requirements are confirmed to be in place on all new or changed systems and networks, and documentation is updated as applicable PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Required privileges are approved by authorized personnel PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL PCI_DSS_v4.0.1 7.3.1 PCI_DSS_v4.0.1_7.3.1 PCI DSS v4.0.1 7.3.1 An access control system(s) is in place that restricts access based on a user’s need to know and covers all system components PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance PCI_DSS_v4.0.1 9.4.1.2 PCI_DSS_v4.0.1_9.4.1.2 PCI DSS v4.0.1 9.4.1.2 The security of the offline media backup location(s) with cardholder data is reviewed at least once every 12 months PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance PCI_DSS_v4.0.1 9.4.1.2 PCI_DSS_v4.0.1_9.4.1.2 PCI DSS v4.0.1 9.4.1.2 The security of the offline media backup location(s) with cardholder data is reviewed at least once every 12 months PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 9.5.1 PCI_DSS_v4.0.1_9.5.1 PCI DSS v4.0.1 9.5.1 Protection Measures for POI Devices Against Tampering and Unauthorized Substitution PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute PCI_DSS_v4.0.1 9.5.1.1 PCI_DSS_v4.0.1_9.5.1.1 PCI DSS v4.0.1 9.5.1.1 Maintenance of an Up-to-Date List of POI Devices PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center PCI_DSS_v4.0.1 9.5.1.3 PCI_DSS_v4.0.1_9.5.1.3 PCI DSS v4.0.1 9.5.1.3 Training for POI Environment Security PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center PCI_DSS_v4.0.1 9.5.1.3 PCI_DSS_v4.0.1_9.5.1.3 PCI DSS v4.0.1 9.5.1.3 Training for POI Environment Security PCI DSS v4.0.1 (a06d5deb-24aa-4991-9d58-fa7563154e31)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 1.1.1 PCI_DSS_v4.0_1.1.1 PCI DSS v4.0 1.1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance PCI_DSS_v4.0 1.1.1 PCI_DSS_v4.0_1.1.1 PCI DSS v4.0 1.1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance PCI_DSS_v4.0 1.2.3 PCI_DSS_v4.0_1.2.3 PCI DSS v4.0 1.2.3 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 1.2.4 PCI_DSS_v4.0_1.2.4 PCI DSS v4.0 1.2.4 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance PCI_DSS_v4.0 1.2.5 PCI_DSS_v4.0_1.2.5 PCI DSS v4.0 1.2.5 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance PCI_DSS_v4.0 1.2.5 PCI_DSS_v4.0_1.2.5 PCI DSS v4.0 1.2.5 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance PCI_DSS_v4.0 1.2.8 PCI_DSS_v4.0_1.2.8 PCI DSS v4.0 1.2.8 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance PCI_DSS_v4.0 1.2.8 PCI_DSS_v4.0_1.2.8 PCI DSS v4.0 1.2.8 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 1.2.8 PCI_DSS_v4.0_1.2.8 PCI DSS v4.0 1.2.8 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0 1.3.2 PCI_DSS_v4.0_1.3.2 PCI DSS v4.0 1.3.2 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_v4.0 1.3.2 PCI_DSS_v4.0_1.3.2 PCI DSS v4.0 1.3.2 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 1.3.3 PCI_DSS_v4.0_1.3.3 PCI DSS v4.0 1.3.3 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 1.3.3 PCI_DSS_v4.0_1.3.3 PCI DSS v4.0 1.3.3 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.3 PCI_DSS_v4.0_1.4.3 PCI DSS v4.0 1.4.3 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.3 PCI_DSS_v4.0_1.4.3 PCI DSS v4.0 1.4.3 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.4 PCI_DSS_v4.0_1.4.4 PCI DSS v4.0 1.4.4 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.4 PCI_DSS_v4.0_1.4.4 PCI DSS v4.0 1.4.4 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.1 PCI_DSS_v4.0_10.2.1.1 PCI DSS v4.0 10.2.1.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.4 PCI_DSS_v4.0_10.2.1.4 PCI DSS v4.0 10.2.1.4 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.7 PCI_DSS_v4.0_10.2.1.7 PCI DSS v4.0 10.2.1.7 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance PCI_DSS_v4.0 10.3.1 PCI_DSS_v4.0_10.3.1 PCI DSS v4.0 10.3.1 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance PCI_DSS_v4.0 10.3.1 PCI_DSS_v4.0_10.3.1 PCI DSS v4.0 10.3.1 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance PCI_DSS_v4.0 10.3.2 PCI_DSS_v4.0_10.3.2 PCI DSS v4.0 10.3.2 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance PCI_DSS_v4.0 10.3.2 PCI_DSS_v4.0_10.3.2 PCI DSS v4.0 10.3.2 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance PCI_DSS_v4.0 10.3.4 PCI_DSS_v4.0_10.3.4 PCI DSS v4.0 10.3.4 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance PCI_DSS_v4.0 10.3.4 PCI_DSS_v4.0_10.3.4 PCI DSS v4.0 10.3.4 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance PCI_DSS_v4.0 10.5.1 PCI_DSS_v4.0_10.5.1 PCI DSS v4.0 10.5.1 Audit log history is retained and available for analysis PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.5.1 PCI_DSS_v4.0_10.5.1 PCI DSS v4.0 10.5.1 Audit log history is retained and available for analysis PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 10.5.1 PCI_DSS_v4.0_10.5.1 PCI DSS v4.0 10.5.1 Audit log history is retained and available for analysis PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance PCI_DSS_v4.0 10.6.1 PCI_DSS_v4.0_10.6.1 PCI DSS v4.0 10.6.1 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance PCI_DSS_v4.0 10.6.2 PCI_DSS_v4.0_10.6.2 PCI DSS v4.0 10.6.2 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance PCI_DSS_v4.0 11.1.1 PCI_DSS_v4.0_11.1.1 PCI DSS v4.0 11.1.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 11.1.1 PCI_DSS_v4.0_11.1.1 PCI DSS v4.0 11.1.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance PCI_DSS_v4.0 11.1.1 PCI_DSS_v4.0_11.1.1 PCI DSS v4.0 11.1.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 11.2.2 PCI_DSS_v4.0_11.2.2 PCI DSS v4.0 11.2.2 Wireless access points are identified and monitored, and unauthorized wireless access points are addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 11.2.2 PCI_DSS_v4.0_11.2.2 PCI DSS v4.0 11.2.2 Wireless access points are identified and monitored, and unauthorized wireless access points are addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.1.1 PCI_DSS_v4.0_11.3.1.1 PCI DSS v4.0 11.3.1.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.1.1 PCI_DSS_v4.0_11.3.1.1 PCI DSS v4.0 11.3.1.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.1.3 PCI_DSS_v4.0_11.3.1.3 PCI DSS v4.0 11.3.1.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.1.3 PCI_DSS_v4.0_11.3.1.3 PCI DSS v4.0 11.3.1.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.2 PCI_DSS_v4.0_11.3.2 PCI DSS v4.0 11.3.2 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.2 PCI_DSS_v4.0_11.3.2 PCI DSS v4.0 11.3.2 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.2.1 PCI_DSS_v4.0_11.3.2.1 PCI DSS v4.0 11.3.2.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.2.1 PCI_DSS_v4.0_11.3.2.1 PCI DSS v4.0 11.3.2.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance PCI_DSS_v4.0 11.4.1 PCI_DSS_v4.0_11.4.1 PCI DSS v4.0 11.4.1 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance PCI_DSS_v4.0 11.4.3 PCI_DSS_v4.0_11.4.3 PCI DSS v4.0 11.4.3 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9e1a2a94-cf7e-47de-b28e-d445ecc63902 Set file integrity rules in your organization Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9e1a2a94-cf7e-47de-b28e-d445ecc63902 Set file integrity rules in your organization Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Unauthorized changes on payment pages are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Unauthorized changes on payment pages are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Unauthorized changes on payment pages are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance PCI_DSS_v4.0 12.1.2 PCI_DSS_v4.0_12.1.2 PCI DSS v4.0 12.1.2 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance PCI_DSS_v4.0 12.1.2 PCI_DSS_v4.0_12.1.2 PCI DSS v4.0 12.1.2 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance PCI_DSS_v4.0 12.1.4 PCI_DSS_v4.0_12.1.4 PCI DSS v4.0 12.1.4 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance PCI_DSS_v4.0 12.10.4 PCI_DSS_v4.0_12.10.4 PCI DSS v4.0 12.10.4 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance PCI_DSS_v4.0 12.10.4.1 PCI_DSS_v4.0_12.10.4.1 PCI DSS v4.0 12.10.4.1 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.5 PCI_DSS_v4.0_12.10.5 PCI DSS v4.0 12.10.5 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance PCI_DSS_v4.0 12.10.5 PCI_DSS_v4.0_12.10.5 PCI DSS v4.0 12.10.5 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance PCI_DSS_v4.0 12.10.5 PCI_DSS_v4.0_12.10.5 PCI DSS v4.0 12.10.5 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance PCI_DSS_v4.0 12.10.6 PCI_DSS_v4.0_12.10.6 PCI DSS v4.0 12.10.6 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.6 PCI_DSS_v4.0_12.10.6 PCI DSS v4.0 12.10.6 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance PCI_DSS_v4.0 12.3.4 PCI_DSS_v4.0_12.3.4 PCI DSS v4.0 12.3.4 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance PCI_DSS_v4.0 12.3.4 PCI_DSS_v4.0_12.3.4 PCI DSS v4.0 12.3.4 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 12.3.4 PCI_DSS_v4.0_12.3.4 PCI DSS v4.0 12.3.4 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 12.5.2 PCI_DSS_v4.0_12.5.2 PCI DSS v4.0 12.5.2 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance PCI_DSS_v4.0 12.5.2.1 PCI_DSS_v4.0_12.5.2.1 PCI DSS v4.0 12.5.2.1 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 12.5.2.1 PCI_DSS_v4.0_12.5.2.1 PCI DSS v4.0 12.5.2.1 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance PCI_DSS_v4.0 12.5.3 PCI_DSS_v4.0_12.5.3 PCI DSS v4.0 12.5.3 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance PCI_DSS_v4.0 12.5.3 PCI_DSS_v4.0_12.5.3 PCI DSS v4.0 12.5.3 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance PCI_DSS_v4.0 12.6.1 PCI_DSS_v4.0_12.6.1 PCI DSS v4.0 12.6.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance PCI_DSS_v4.0 12.6.1 PCI_DSS_v4.0_12.6.1 PCI DSS v4.0 12.6.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance PCI_DSS_v4.0 12.6.2 PCI_DSS_v4.0_12.6.2 PCI DSS v4.0 12.6.2 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program Regulatory Compliance PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance PCI_DSS_v4.0 12.6.3.2 PCI_DSS_v4.0_12.6.3.2 PCI DSS v4.0 12.6.3.2 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 12.6.3.2 PCI_DSS_v4.0_12.6.3.2 PCI DSS v4.0 12.6.3.2 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance PCI_DSS_v4.0 12.7.1 PCI_DSS_v4.0_12.7.1 PCI DSS v4.0 12.7.1 Personnel are screened to reduce risks from insider threats PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance PCI_DSS_v4.0 12.7.1 PCI_DSS_v4.0_12.7.1 PCI DSS v4.0 12.7.1 Personnel are screened to reduce risks from insider threats PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance PCI_DSS_v4.0 12.7.1 PCI_DSS_v4.0_12.7.1 PCI DSS v4.0 12.7.1 Personnel are screened to reduce risks from insider threats PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.8.1 PCI_DSS_v4.0_12.8.1 PCI DSS v4.0 12.8.1 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance PCI_DSS_v4.0 12.9.1 PCI_DSS_v4.0_12.9.1 PCI DSS v4.0 12.9.1 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.9.1 PCI_DSS_v4.0_12.9.1 PCI DSS v4.0 12.9.1 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance PCI_DSS_v4.0 12.9.1 PCI_DSS_v4.0_12.9.1 PCI DSS v4.0 12.9.1 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.9.2 PCI_DSS_v4.0_12.9.2 PCI DSS v4.0 12.9.2 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.9.2 PCI_DSS_v4.0_12.9.2 PCI DSS v4.0 12.9.2 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance PCI_DSS_v4.0 12.9.2 PCI_DSS_v4.0_12.9.2 PCI DSS v4.0 12.9.2 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance PCI_DSS_v4.0 2.1.1 PCI_DSS_v4.0_2.1.1 PCI DSS v4.0 2.1.1 Processes and mechanisms for applying secure configurations to all system components are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance PCI_DSS_v4.0 2.2.2 PCI_DSS_v4.0_2.2.2 PCI DSS v4.0 2.2.2 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 2.2.5 PCI_DSS_v4.0_2.2.5 PCI DSS v4.0 2.2.5 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance PCI_DSS_v4.0 2.2.5 PCI_DSS_v4.0_2.2.5 PCI DSS v4.0 2.2.5 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance PCI_DSS_v4.0 2.2.7 PCI_DSS_v4.0_2.2.7 PCI DSS v4.0 2.2.7 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 2.3.1 PCI_DSS_v4.0_2.3.1 PCI DSS v4.0 2.3.1 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 2.3.1 PCI_DSS_v4.0_2.3.1 PCI DSS v4.0 2.3.1 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 2.3.1 PCI_DSS_v4.0_2.3.1 PCI DSS v4.0 2.3.1 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 2.3.2 PCI_DSS_v4.0_2.3.2 PCI DSS v4.0 2.3.2 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 2.3.2 PCI_DSS_v4.0_2.3.2 PCI DSS v4.0 2.3.2 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 2.3.2 PCI_DSS_v4.0_2.3.2 PCI DSS v4.0 2.3.2 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Processes and mechanisms for protecting stored account data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Processes and mechanisms for protecting stored account data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Processes and mechanisms for protecting stored account data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance PCI_DSS_v4.0 3.3.2 PCI_DSS_v4.0_3.3.2 PCI DSS v4.0 3.3.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.4.1 PCI_DSS_v4.0_3.4.1 PCI DSS v4.0 3.4.1 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.4.1 PCI_DSS_v4.0_3.4.1 PCI DSS v4.0 3.4.1 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.4.1 PCI_DSS_v4.0_3.4.1 PCI DSS v4.0 3.4.1 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.4.2 PCI_DSS_v4.0_3.4.2 PCI DSS v4.0 3.4.2 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.4.2 PCI_DSS_v4.0_3.4.2 PCI DSS v4.0 3.4.2 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.4.2 PCI_DSS_v4.0_3.4.2 PCI DSS v4.0 3.4.2 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 4.1.1 PCI_DSS_v4.0_4.1.1 PCI DSS v4.0 4.1.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 4.2.1.2 PCI_DSS_v4.0_4.2.1.2 PCI DSS v4.0 4.2.1.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 4.2.1.2 PCI_DSS_v4.0_4.2.1.2 PCI DSS v4.0 4.2.1.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 4.2.1.2 PCI_DSS_v4.0_4.2.1.2 PCI DSS v4.0 4.2.1.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance PCI_DSS_v4.0 4.2.2 PCI_DSS_v4.0_4.2.2 PCI DSS v4.0 4.2.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance PCI_DSS_v4.0 4.2.2 PCI_DSS_v4.0_4.2.2 PCI DSS v4.0 4.2.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 4.2.2 PCI_DSS_v4.0_4.2.2 PCI DSS v4.0 4.2.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance PCI_DSS_v4.0 5.1.1 PCI_DSS_v4.0_5.1.1 PCI DSS v4.0 5.1.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance PCI_DSS_v4.0 5.2.3.1 PCI_DSS_v4.0_5.2.3.1 PCI DSS v4.0 5.2.3.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 5.2.3.1 PCI_DSS_v4.0_5.2.3.1 PCI DSS v4.0 5.2.3.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance PCI_DSS_v4.0 5.2.3.1 PCI_DSS_v4.0_5.2.3.1 PCI DSS v4.0 5.2.3.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance PCI_DSS_v4.0 6.1.1 PCI_DSS_v4.0_6.1.1 PCI DSS v4.0 6.1.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance PCI_DSS_v4.0 6.1.1 PCI_DSS_v4.0_6.1.1 PCI DSS v4.0 6.1.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance PCI_DSS_v4.0 6.2.2 PCI_DSS_v4.0_6.2.2 PCI DSS v4.0 6.2.2 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 6.2.2 PCI_DSS_v4.0_6.2.2 PCI DSS v4.0 6.2.2 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance PCI_DSS_v4.0 6.2.3.1 PCI_DSS_v4.0_6.2.3.1 PCI DSS v4.0 6.2.3.1 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance PCI_DSS_v4.0 6.3.2 PCI_DSS_v4.0_6.3.2 PCI DSS v4.0 6.3.2 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance PCI_DSS_v4.0 6.4.3 PCI_DSS_v4.0_6.4.3 PCI DSS v4.0 6.4.3 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance PCI_DSS_v4.0 6.4.3 PCI_DSS_v4.0_6.4.3 PCI DSS v4.0 6.4.3 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance PCI_DSS_v4.0 6.5.2 PCI_DSS_v4.0_6.5.2 PCI DSS v4.0 6.5.2 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance PCI_DSS_v4.0 6.5.5 PCI_DSS_v4.0_6.5.5 PCI DSS v4.0 6.5.5 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.1.2 PCI_DSS_v4.0_7.1.2 PCI DSS v4.0 7.1.2 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.2 PCI_DSS_v4.0_7.1.2 PCI DSS v4.0 7.1.2 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.2 PCI_DSS_v4.0_7.1.2 PCI DSS v4.0 7.1.2 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance PCI_DSS_v4.0 7.2.5 PCI_DSS_v4.0_7.2.5 PCI DSS v4.0 7.2.5 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 7.2.5.1 PCI_DSS_v4.0_7.2.5.1 PCI DSS v4.0 7.2.5.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance PCI_DSS_v4.0 8.1.1 PCI_DSS_v4.0_8.1.1 PCI DSS v4.0 8.1.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance PCI_DSS_v4.0 8.2.1 PCI_DSS_v4.0_8.2.1 PCI DSS v4.0 8.2.1 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance PCI_DSS_v4.0 8.2.1 PCI_DSS_v4.0_8.2.1 PCI DSS v4.0 8.2.1 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance PCI_DSS_v4.0 8.2.1 PCI_DSS_v4.0_8.2.1 PCI DSS v4.0 8.2.1 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.2.3 PCI_DSS_v4.0_8.2.3 PCI DSS v4.0 8.2.3 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.2.3 PCI_DSS_v4.0_8.2.3 PCI DSS v4.0 8.2.3 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.2.3 PCI_DSS_v4.0_8.2.3 PCI DSS v4.0 8.2.3 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.5 PCI_DSS_v4.0_8.2.5 PCI DSS v4.0 8.2.5 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.5 PCI_DSS_v4.0_8.2.5 PCI DSS v4.0 8.2.5 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance PCI_DSS_v4.0 8.2.6 PCI_DSS_v4.0_8.2.6 PCI DSS v4.0 8.2.6 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 8.2.6 PCI_DSS_v4.0_8.2.6 PCI DSS v4.0 8.2.6 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance PCI_DSS_v4.0 8.2.8 PCI_DSS_v4.0_8.2.8 PCI DSS v4.0 8.2.8 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance PCI_DSS_v4.0 8.2.8 PCI_DSS_v4.0_8.2.8 PCI DSS v4.0 8.2.8 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.10 PCI_DSS_v4.0_8.3.10 PCI DSS v4.0 8.3.10 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.3.10 PCI_DSS_v4.0_8.3.10 PCI DSS v4.0 8.3.10 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.3.10.1 PCI_DSS_v4.0_8.3.10.1 PCI DSS v4.0 8.3.10.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.10.1 PCI_DSS_v4.0_8.3.10.1 PCI DSS v4.0 8.3.10.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.2 PCI_DSS_v4.0_8.3.2 PCI DSS v4.0 8.3.2 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance PCI_DSS_v4.0 8.3.2 PCI_DSS_v4.0_8.3.2 PCI DSS v4.0 8.3.2 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance PCI_DSS_v4.0 8.3.4 PCI_DSS_v4.0_8.3.4 PCI DSS v4.0 8.3.4 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance PCI_DSS_v4.0 8.3.5 PCI_DSS_v4.0_8.3.5 PCI DSS v4.0 8.3.5 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.8 PCI_DSS_v4.0_8.3.8 PCI DSS v4.0 8.3.8 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.3.9 PCI_DSS_v4.0_8.3.9 PCI DSS v4.0 8.3.9 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.9 PCI_DSS_v4.0_8.3.9 PCI DSS v4.0 8.3.9 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance PCI_DSS_v4.0 8.6.1 PCI_DSS_v4.0_8.6.1 PCI DSS v4.0 8.6.1 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 8.6.1 PCI_DSS_v4.0_8.6.1 PCI DSS v4.0 8.6.1 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance PCI_DSS_v4.0 8.6.2 PCI_DSS_v4.0_8.6.2 PCI DSS v4.0 8.6.2 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 9.1.1 PCI_DSS_v4.0_9.1.1 PCI DSS v4.0 9.1.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance PCI_DSS_v4.0 9.1.1 PCI_DSS_v4.0_9.1.1 PCI DSS v4.0 9.1.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.2.2 PCI_DSS_v4.0_9.2.2 PCI DSS v4.0 9.2.2 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.2.3 PCI_DSS_v4.0_9.2.3 PCI DSS v4.0 9.2.3 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.2.3 PCI_DSS_v4.0_9.2.3 PCI DSS v4.0 9.2.3 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.2.4 PCI_DSS_v4.0_9.2.4 PCI DSS v4.0 9.2.4 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.2.4 PCI_DSS_v4.0_9.2.4 PCI DSS v4.0 9.2.4 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.1 PCI_DSS_v4.0_9.3.1 PCI DSS v4.0 9.3.1 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.1.1 PCI_DSS_v4.0_9.3.1.1 PCI DSS v4.0 9.3.1.1 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.2 PCI_DSS_v4.0_9.3.2 PCI DSS v4.0 9.3.2 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.3.2 PCI_DSS_v4.0_9.3.2 PCI DSS v4.0 9.3.2 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.3 PCI_DSS_v4.0_9.3.3 PCI DSS v4.0 9.3.3 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.3.3 PCI_DSS_v4.0_9.3.3 PCI DSS v4.0 9.3.3 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.4 PCI_DSS_v4.0_9.3.4 PCI DSS v4.0 9.3.4 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.3.4 PCI_DSS_v4.0_9.3.4 PCI DSS v4.0 9.3.4 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.1 PCI_DSS_v4.0_9.4.1 PCI DSS v4.0 9.4.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.1.1 PCI_DSS_v4.0_9.4.1.1 PCI DSS v4.0 9.4.1.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.2 PCI_DSS_v4.0_9.4.2 PCI DSS v4.0 9.4.2 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance PCI_DSS_v4.0 9.4.3 PCI_DSS_v4.0_9.4.3 PCI DSS v4.0 9.4.3 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.3 PCI_DSS_v4.0_9.4.3 PCI DSS v4.0 9.4.3 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance PCI_DSS_v4.0 9.4.4 PCI_DSS_v4.0_9.4.4 PCI DSS v4.0 9.4.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.4 PCI_DSS_v4.0_9.4.4 PCI DSS v4.0 9.4.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance PCI_DSS_v4.0 9.4.5.1 PCI_DSS_v4.0_9.4.5.1 PCI DSS v4.0 9.4.5.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 9.4.5.1 PCI_DSS_v4.0_9.4.5.1 PCI DSS v4.0 9.4.5.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 9.5.1 PCI_DSS_v4.0_9.5.1 PCI DSS v4.0 9.5.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.5.1 PCI_DSS_v4.0_9.5.1 PCI DSS v4.0 9.5.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.5.1 PCI_DSS_v4.0_9.5.1 PCI DSS v4.0 9.5.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.5.1.2 PCI_DSS_v4.0_9.5.1.2 PCI DSS v4.0 9.5.1.2 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.5.1.2 PCI_DSS_v4.0_9.5.1.2 PCI DSS v4.0 9.5.1.2 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 9.5.1.2 PCI_DSS_v4.0_9.5.1.2 PCI DSS v4.0 9.5.1.2 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.5.1.2.1 PCI_DSS_v4.0_9.5.1.2.1 PCI DSS v4.0 9.5.1.2.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 9.5.1.2.1 PCI_DSS_v4.0_9.5.1.2.1 PCI DSS v4.0 9.5.1.2.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.5.1.2.1 PCI_DSS_v4.0_9.5.1.2.1 PCI DSS v4.0 9.5.1.2.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 9.5.1.3 PCI_DSS_v4.0_9.5.1.3 PCI DSS v4.0 9.5.1.3 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b2982f36-99f2-4db5-8eff-283140c09693 Storage accounts should disable public network access Storage RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy-15.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3 Log duration should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 18.1 RBI_CSF_Banks_v2016_18.1 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 18.1 RBI_CSF_Banks_v2016_18.1 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 18.1 RBI_CSF_Banks_v2016_18.1 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.2 RBI_CSF_Banks_v2016_19.2 Responding To Cyber-Incidents:-19.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.2 RBI_CSF_Banks_v2016_19.2 Responding To Cyber-Incidents:-19.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 19.2 RBI_CSF_Banks_v2016_19.2 Responding To Cyber-Incidents:-19.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_CSF_Banks_v2016 19.4 RBI_CSF_Banks_v2016_19.4 Recovery From Cyber - Incidents-19.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.4 RBI_CSF_Banks_v2016_19.4 Recovery From Cyber - Incidents-19.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6c RBI_CSF_Banks_v2016_19.6c Recovery From Cyber - Incidents-19.6c [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6c RBI_CSF_Banks_v2016_19.6c Recovery From Cyber - Incidents-19.6c [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 19.6c RBI_CSF_Banks_v2016_19.6c Recovery From Cyber - Incidents-19.6c [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.6e RBI_CSF_Banks_v2016_19.6e Recovery From Cyber - Incidents-19.6e [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d02d2f7-e38b-4bdc-96f3-adc0a8726abc Hotpatch should be enabled for Windows Server Azure Edition VMs Automanage RBI_CSF_Banks_v2016 21.2 RBI_CSF_Banks_v2016_21.2 Metrics-21.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RBI_CSF_Banks_v2016 22.1 RBI_CSF_Banks_v2016_22.1 Forensics-22.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d02d2f7-e38b-4bdc-96f3-adc0a8726abc Hotpatch should be enabled for Windows Server Azure Edition VMs Automanage RBI_CSF_Banks_v2016 5.2 RBI_CSF_Banks_v2016_5.2 Secure Configuration-5.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0c4bd2e8-8872-4f37-a654-03f6f38ddc76 Application Insights components with Private Link enabled should use Bring Your Own Storage accounts for profiler and debugger. Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
199d5677-e4d9-4264-9465-efe1839c06bd Application Insights components should block non-Azure Active Directory based ingestion. Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc)-6.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc)-6.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service RBI_CSF_Banks_v2016 8.4 RBI_CSF_Banks_v2016_8.4 User Access Control / Management-8.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service RBI_CSF_Banks_v2016 8.4 RBI_CSF_Banks_v2016_8.4 User Access Control / Management-8.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_CSF_Banks_v2016 8.4 RBI_CSF_Banks_v2016_8.4 User Access Control / Management-8.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_CSF_Banks_v2016 8.8 RBI_CSF_Banks_v2016_8.8 User Access Control / Management-8.8 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_CSF_Banks_v2016 8.8 RBI_CSF_Banks_v2016_8.8 User Access Control / Management-8.8 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 9.1 RBI_CSF_Banks_v2016_9.1 Authentication Framework For Customers-9.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_ITF_NBFC_v2017 3 RBI_ITF_NBFC_v2017_3 RBI IT Framework 3 Information Security-3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3 Log duration should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8e826246-c976-48f6-b03e-619bb92b3d82 Certificates should be issued by the specified integrated certificate authority Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bd78111f-4953-4367-9fd5-7e08808b54bf Certificates using elliptic curve cryptography should have allowed curve names Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1151cede-290b-4ba0-8b38-0ad145ac888f Certificates should use allowed key types Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_ITF_NBFC_v2017 4.2 RBI_ITF_NBFC_v2017_4.2 RBI IT Framework 4.2 IT Operations-4.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 4.4a RBI_ITF_NBFC_v2017_4.4a RBI IT Framework 4.4.a IT Operations-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 4.4a RBI_ITF_NBFC_v2017_4.4a RBI IT Framework 4.4.a IT Operations-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 4.4a RBI_ITF_NBFC_v2017_4.4a RBI IT Framework 4.4.a IT Operations-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 4.4b RBI_ITF_NBFC_v2017_4.4b RBI IT Framework 4.4.b MIS For Top Management-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 4.4b RBI_ITF_NBFC_v2017_4.4b RBI IT Framework 4.4.b MIS For Top Management-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 4.4b RBI_ITF_NBFC_v2017_4.4b RBI IT Framework 4.4.b MIS For Top Management-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RMiT_v1.0 10.20 RMiT_v1.0_10.20 RMiT 10.20 Cryptography - 10.20 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RMiT_v1.0 10.20 RMiT_v1.0_10.20 RMiT 10.20 Cryptography - 10.20 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute RMiT_v1.0 10.27 RMiT_v1.0_10.27 RMiT 10.27 Datacenter Operations - 10.27 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c1b3629-c8f8-4bf6-862c-037cb9094038 Deploy - Configure Log Analytics extension to be enabled on Windows virtual machine scale sets Monitoring RMiT_v1.0 10.27 RMiT_v1.0_10.27 RMiT 10.27 Datacenter Operations - 10.27 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RMiT_v1.0 10.30 RMiT_v1.0_10.30 RMiT 10.30 Datacenter Operations - 10.30 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring RMiT_v1.0 10.30 RMiT_v1.0_10.30 RMiT 10.30 Datacenter Operations - 10.30 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a3701552-92ea-433e-9d17-33b7f1208fc9 Configure Container registries to disable public network access Container Registry RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
73290fa2-dfa7-4bbb-945d-a5e23b75df2c Configure App Configuration to disable public network access App Configuration RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8426280e-b5be-43d9-979e-653d12a08638 Configure managed disks to disable public network access Compute RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8e8ca470-d980-4831-99e6-dc70d9f6af87 Configure Azure SQL Server to enable private endpoint connections SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e07b2e9-6cd9-4c40-9ccb-52817b95133b Modify - Configure Azure File Sync to disable public network access Storage RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b Configure Azure SQL Server to disable public network access SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network RMiT_v1.0 10.35 RMiT_v1.0_10.35 RMiT 10.35 Network Resilience - 10.35 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c1b3629-c8f8-4bf6-862c-037cb9094038 Deploy - Configure Log Analytics extension to be enabled on Windows virtual machine scale sets Monitoring RMiT_v1.0 10.35 RMiT_v1.0_10.35 RMiT 10.35 Network Resilience - 10.35 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8e7da0a5-0a0e-4bbc-bfc0-7773c018b616 Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace. Security Center RMiT_v1.0 10.38 RMiT_v1.0_10.38 RMiT 10.38 Network Resilience - 10.38 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6df2fee6-a9ed-4fef-bced-e13be1b25f1c Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace. Security Center RMiT_v1.0 10.38 RMiT_v1.0_10.38 RMiT 10.38 Network Resilience - 10.38 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
50b83b09-03da-41c1-b656-c293c914862b A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections Network RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience - 10.39 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience - 10.39 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience - 10.39 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.60 RMiT_v1.0_10.60 RMiT 10.60 Access Control - 10.60 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RMiT_v1.0 10.60 RMiT_v1.0_10.60 RMiT 10.60 Access Control - 10.60 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.62 RMiT_v1.0_10.62 RMiT 10.62 Access Control - 10.62 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RMiT_v1.0 10.62 RMiT_v1.0_10.62 RMiT 10.62 Access Control - 10.62 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute RMiT_v1.0 10.63 RMiT_v1.0_10.63 RMiT 10.63 Patch and End-of-Life System Management - 10.63 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center RMiT_v1.0 10.65 RMiT_v1.0_10.65 RMiT 10.65 Patch and End-of-Life System Management - 10.65 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e8d096bc-85de-4c5f-8cfb-857bd1b9d62d Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
db51110f-0865-4a6e-b274-e2e07a5b2cd7 Deploy Diagnostic Settings for Batch Account to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03 Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
edf3780c-3d70-40fe-b17e-ab72013dafca Deploy Diagnostic Settings for Stream Analytics to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
25763a0a-5783-4f14-969e-79d4933eb74b Deploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b79fa14e-238a-4c2d-b376-442ce508fc84 Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace SQL RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3d5da587-71bd-41f5-ac95-dd3330c2d58d Deploy Diagnostic Settings for Search Services to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c84e5349-db6d-4769-805e-e14037dab9b5 Deploy Diagnostic Settings for Batch Account to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ef7b61ef-b8e4-4c91-8e78-6946c6b0023f Deploy Diagnostic Settings for Event Hub to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bef3f64c-5290-43b7-85b0-9b254eef4c47 Deploy Diagnostic Settings for Key Vault to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4daddf25-4823-43d4-88eb-2419eb6dcc08 Deploy Diagnostic Settings for Data Lake Analytics to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b889a06c-ec72-4b03-910a-cb169ee18721 Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
04d53d87-841c-4f23-8a5b-21564380b55e Deploy Diagnostic Settings for Service Bus to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
08ba64b8-738f-4918-9686-730d2ed79c7d Deploy Diagnostic Settings for Search Services to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f6e93e8-6b31-41b1-83f6-36e449a42579 Deploy Diagnostic Settings for Event Hub to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0868462e-646c-4fe3-9ced-a733534b6a2c Deploy - Configure Log Analytics extension to be enabled on Windows virtual machines Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6b51af03-9277-49a9-a3f8-1c69c9ff7403 Deploy Diagnostic Settings for Service Bus to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a1dae6c7-13f3-48ea-a149-ff8442661f60 Deploy Diagnostic Settings for Logic Apps to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
237e0f7e-b0e8-4ec4-ad46-8c12cb66d673 Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RMiT_v1.0 10.68 RMiT_v1.0_10.68 RMiT 10.68 Security of Digital Services - 10.68 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RMiT_v1.0 10.68 RMiT_v1.0_10.68 RMiT 10.68 Security of Digital Services - 10.68 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RMiT_v1.0 11.13 RMiT_v1.0_11.13 RMiT 11.13 Distributed Denial of Service (DDoS) - 11.13 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a3701552-92ea-433e-9d17-33b7f1208fc9 Configure Container registries to disable public network access Container Registry RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8426280e-b5be-43d9-979e-653d12a08638 Configure managed disks to disable public network access Compute RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e07b2e9-6cd9-4c40-9ccb-52817b95133b Modify - Configure Azure File Sync to disable public network access Storage RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
73290fa2-dfa7-4bbb-945d-a5e23b75df2c Configure App Configuration to disable public network access App Configuration RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b Configure Azure SQL Server to disable public network access SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center RMiT_v1.0 11.17 RMiT_v1.0_11.17 RMiT 11.17 Security Operations Centre (SOC) - 11.17 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RMiT_v1.0 11.17 RMiT_v1.0_11.17 RMiT 11.17 Security Operations Centre (SOC) - 11.17 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3 Log duration should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute RMiT_v1.0 11.2 RMiT_v1.0_11.2 RMiT 11.2 Cyber Risk Management - 11.2 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute RMiT_v1.0 11.20 RMiT_v1.0_11.20 RMiT 11.20 Security Operations Centre (SOC) - 11.20 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6c112d4e-5bc7-47ae-a041-ea2d9dccd749 Not allowed resource types General RMiT_v1.0 11.4 RMiT_v1.0_11.4 RMiT 11.4 Cyber Risk Management - 11.4 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute RMiT_v1.0 11.4 RMiT_v1.0_11.4 RMiT 11.4 Cyber Risk Management - 11.4 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup RMiT_v1.0 11.4 RMiT_v1.0_11.4 RMiT 11.4 Cyber Risk Management - 11.4 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RMiT_v1.0 11.8 RMiT_v1.0_11.8 RMiT 11.8 Cybersecurity Operations - 11.8 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RMiT_v1.0 11.8 RMiT_v1.0_11.8 RMiT 11.8 Cybersecurity Operations - 11.8 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RMiT_v1.0 11.8 RMiT_v1.0_11.8 RMiT 11.8 Cybersecurity Operations - 11.8 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes RMiT_v1.0 Appendix_5.5 RMiT_v1.0_Appendix_5.5 RMiT Appendix 5.5 Control Measures on Cybersecurity - Appendix 5.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
50b83b09-03da-41c1-b656-c293c914862b A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections Network RMiT_v1.0 Appendix_5.5 RMiT_v1.0_Appendix_5.5 RMiT Appendix 5.5 Control Measures on Cybersecurity - Appendix 5.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
dfbd9a64-6114-48de-a47d-90574dc2e489 MariaDB server should use a virtual network service endpoint SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c14b034-bcb6-4905-94e7-5b8e98a47b65 PostgreSQL server should use a virtual network service endpoint SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3375856c-3824-4e0e-ae6a-79e011dd4c47 MySQL server should use a virtual network service endpoint SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8e8ca470-d980-4831-99e6-dc70d9f6af87 Configure Azure SQL Server to enable private endpoint connections SQL RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes_Oxley_Act_(1)_2022_1 Sarbanes Oxley Act 2022 1 Sarbanes Oxley Act 2022 (SOX) Sarbanes Oxley Act 2022 (5757cf73-35d1-46d4-8c78-17b7ddd6076a)
e56962a6-4747-49cd-b67b-bf8b01975c4c Allowed locations General SO .1 - Data Residency SO.1 - Data Residency 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea), Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
e765b5de-1225-4ba3-bd56-1ac6695af988 Allowed locations for resource groups General SO .1 - Data Residency SO.1 - Data Residency 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea), Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
0473574d-2d43-4217-aefe-941fcdf7e684 Azure Cosmos DB allowed locations Cosmos DB SO .1 - Data Residency SO.1 - Data Residency 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea), Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
f0e5abd0-2554-4736-b7c0-4ffef23475ef Queue Storage should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
7c322315-e26d-4174-a99e-f49d351b4688 Table Storage should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
a08ec900-254a-4555-9bf5-e42af04b5c5c Allowed resource types General SO .4 - Azure Confidential Computing SO.4 - Azure Confidential Computing 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
cccc23c7-8427-4f53-ad12-b6a63eb452b3 Allowed virtual machine size SKUs Compute SO .4 - Azure Confidential Computing SO.4 - Azure Confidential Computing 404 not found Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
b03bb370-5249-4ea4-9fce-2552e87e45fa Disks and OS image should support TrustedLaunch Trusted Launch SO .5 - Trusted Launch SO.5 - Trusted Launch 404 not found Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
c95b54ad-0614-4633-ab29-104b01235cbf Virtual Machine should have TrustedLaunch enabled Trusted Launch SO .5 - Trusted Launch SO.5 - Trusted Launch 404 not found Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance SOC_2 A1.1 SOC_2_A1.1 SOC 2 Type 2 A1.1 Capacity management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 C1.1 SOC_2_C1.1 SOC 2 Type 2 C1.1 Protection of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 C1.1 SOC_2_C1.1 SOC 2 Type 2 C1.1 Protection of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 C1.1 SOC_2_C1.1 SOC 2 Type 2 C1.1 Protection of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 C1.2 SOC_2_C1.2 SOC 2 Type 2 C1.2 Disposal of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 C1.2 SOC_2_C1.2 SOC 2 Type 2 C1.2 Disposal of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 C1.2 SOC_2_C1.2 SOC 2 Type 2 C1.2 Disposal of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 CC2.1 SOC_2_CC2.1 SOC 2 Type 2 CC2.1 COSO Principle 13 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 CC2.1 SOC_2_CC2.1 SOC 2 Type 2 CC2.1 COSO Principle 13 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 CC2.1 SOC_2_CC2.1 SOC 2 Type 2 CC2.1 COSO Principle 13 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.3 SOC_2_CC3.3 SOC 2 Type 2 CC3.3 COSO Principle 8 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance SOC_2 CC4.1 SOC_2_CC4.1 SOC 2 Type 2 CC4.1 COSO Principle 16 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance SOC_2 CC4.1 SOC_2_CC4.1 SOC 2 Type 2 CC4.1 COSO Principle 16 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance SOC_2 CC4.1 SOC_2_CC4.1 SOC 2 Type 2 CC4.1 COSO Principle 16 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance SOC_2 CC4.2 SOC_2_CC4.2 SOC 2 Type 2 CC4.2 COSO Principle 17 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance SOC_2 CC4.2 SOC_2_CC4.2 SOC 2 Type 2 CC4.2 COSO Principle 17 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC5.1 SOC_2_CC5.1 SOC 2 Type 2 CC5.1 COSO Principle 10 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC5.1 SOC_2_CC5.1 SOC 2 Type 2 CC5.1 COSO Principle 10 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Rol based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 CC6.4 SOC_2_CC6.4 SOC 2 Type 2 CC6.4 Restricted physical access SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SOC_2 CC6.5 SOC_2_CC6.5 SOC 2 Type 2 CC6.5 Logical and physical protections over physical assets SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance SOC_2 CC6.5 SOC_2_CC6.5 SOC 2 Type 2 CC6.5 Logical and physical protections over physical assets SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance SOC_2 CC7.3 SOC_2_CC7.3 SOC 2 Type 2 CC7.3 Security incidents detection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC9.1 SOC_2_CC9.1 SOC 2 Type 2 CC9.1 Risk mitigation activities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC9.1 SOC_2_CC9.1 SOC 2 Type 2 CC9.1 Risk mitigation activities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance SOC_2 CC9.1 SOC_2_CC9.1 SOC 2 Type 2 CC9.1 Risk mitigation activities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7d70383a-32f4-a0c2-61cf-a134851968c2 Determine legal authority to collect PII Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P3.2 SOC_2_P3.2 SOC 2 Type 2 P3.2 Personal information explicit consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
964b340a-43a4-4798-2af5-7aedf6cb001b Collect PII directly from the individual Regulatory Compliance SOC_2 P3.2 SOC_2_P3.2 SOC 2 Type 2 P3.2 Personal information explicit consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII Regulatory Compliance SOC_2 P4.2 SOC_2_P4.2 SOC 2 Type 2 P4.2 Personal information retention SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance SOC_2 P4.2 SOC_2_P4.2 SOC 2 Type 2 P4.2 Personal information retention SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance SOC_2 P4.3 SOC_2_P4.3 SOC 2 Type 2 P4.3 Personal information disposal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance SOC_2 P4.3 SOC_2_P4.3 SOC 2 Type 2 P4.3 Personal information disposal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests Regulatory Compliance SOC_2 P5.1 SOC_2_P5.1 SOC 2 Type 2 P5.1 Personal information access SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records Regulatory Compliance SOC_2 P5.1 SOC_2_P5.1 SOC 2 Type 2 P5.1 Personal information access SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
27ab3ac0-910d-724d-0afa-1a2a01e996c0 Respond to rectification requests Regulatory Compliance SOC_2 P5.2 SOC_2_P5.2 SOC 2 Type 2 P5.2 Personal information correction SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance SOC_2 P6.2 SOC_2_P6.2 SOC 2 Type 2 P6.2 Authorized disclosure of personal information record SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance SOC_2 P6.3 SOC_2_P6.3 SOC 2 Type 2 P6.3 Unauthorized disclosure of personal information record SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 P6.4 SOC_2_P6.4 SOC 2 Type 2 P6.4 Third party agreements SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SOC_2 P6.6 SOC_2_P6.6 SOC 2 Type 2 P6.6 Privacy incident notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance SOC_2 P6.6 SOC_2_P6.6 SOC 2 Type 2 P6.6 Privacy incident notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0461cacd-0b3b-4f66-11c5-81c9b19a3d22 Verify inaccurate or outdated PII Regulatory Compliance SOC_2 P7.1 SOC_2_P7.1 SOC 2 Type 2 P7.1 Personal information quality SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity Regulatory Compliance SOC_2 P7.1 SOC_2_P7.1 SOC 2 Type 2 P7.1 Personal information quality SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII Regulatory Compliance SOC_2 P7.1 SOC_2_P7.1 SOC 2 Type 2 P7.1 Personal information quality SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6ab47bbf-867e-9113-7998-89b58f77326a Respond to complaints, concerns, or questions timely Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 PI1.1 SOC_2_PI1.1 SOC 2 Type 2 PI1.1 Data processing definitions SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 PI1.1 SOC_2_PI1.1 SOC 2 Type 2 PI1.1 Data processing definitions SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 PI1.1 SOC_2_PI1.1 SOC 2 Type 2 PI1.1 Data processing definitions SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance SOC_2 PI1.2 SOC_2_PI1.2 SOC 2 Type 2 PI1.2 System inputs over completeness and accuracy SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 PI1.4 SOC_2_PI1.4 SOC 2 Type 2 PI1.4 System output is complete, accurate, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 PI1.4 SOC_2_PI1.4 SOC 2 Type 2 PI1.4 System output is complete, accurate, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 PI1.4 SOC_2_PI1.4 SOC 2 Type 2 PI1.4 System output is complete, accurate, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 A1.1 SOC_2023_A1.1 SOC 2023 A1.1 Effectively manage capacity demand and facilitate the implementation of additional capacity as needed. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 A1.2 SOC_2023_A1.2 SOC 2023 A1.2 Mitigate risks, maintain operational resilience, protect critical assets and data, ensure compliance, and achieve objectives effectively and efficiently. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 C1.1 SOC_2023_C1.1 SOC 2023 C1.1 Preserve trust, compliance, and competitive advantage. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC.5.3 SOC_2023_CC.5.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC1.3 SOC_2023_CC1.3 SOC 2023 CC1.3 Enable effective execution of authorities, information flow, and setup of appropriate responsibilities to achieve organizational objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC1.4 SOC_2023_CC1.4 SOC 2023 CC1.4 Ensure organizational resilience, innovation, and competitiveness in the long run. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC2.1 SOC_2023_CC2.1 SOC 2023 CC2.1 Effectively obtain or generate and utilize relevant, high-quality information to support internal control functions. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC2.2 SOC_2023_CC2.2 SOC 2023 CC2.2 Facilitate effective internal communication, including objectives and responsibilities for internal control. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Facilitate effective internal communication. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC4.1 SOC_2023_CC4.1 SOC 2023 CC4.1 Enhance the ability to manage risks and achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC4.2 SOC_2023_CC4.2 SOC 2023 CC4.2 Facilitate timely corrective actions and strengthen the ability to maintain effective control over its operations and achieve its objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC5.1 SOC_2023_CC5.1 SOC 2023 CC5.1 Enhance the ability to manage uncertainties and accomplish its strategic goals. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC5.2 SOC_2023_CC5.2 SOC 2023 CC5.2 Mitigate technology-related risks and ensure that technology effectively supports the organization in achieving its objectives, enhancing efficiency, reliability, and security in its operations. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Maintain alignment with organizational objectives and regulatory requirements. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC6.2 SOC_2023_CC6.2 SOC 2023 CC6.2 Ensure effective access control and ensuring the security of the organization's systems and data. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC6.3 SOC_2023_CC6.3 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC6.4 SOC_2023_CC6.4 SOC 2023 CC6.4 Safeguard against unauthorized entry, theft, or tampering. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC6.7 SOC_2023_CC6.7 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC6.8 SOC_2023_CC6.8 SOC 2023 CC6.8 Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC7.1 SOC_2023_CC7.1 SOC 2023 CC7.1 Maintain a proactive approach to cybersecurity and mitigate risks effectively. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 CC7.2 SOC_2023_CC7.2 SOC 2023 CC7.2 Maintain robust security measures and ensure operational resilience. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC7.3 SOC_2023_CC7.3 SOC 2023 CC7.3 Maintain operational resilience and mitigate the impact of security incidents on the ability to achieve objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC7.5 SOC_2023_CC7.5 SOC 2023 CC7.5 Ensure prompt restoration of normal operations, mitigation of residual risks, and enhancement of incident response capabilities to minimize the impact of future incidents. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SOC_2023 CC8.1 SOC_2023_CC8.1 SOC 2023 CC8.1 Minimise risks, ensure quality, optimise efficiency, and enhance resilience in the face of change. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things SOC_2023 CC9.1 SOC_2023_CC9.1 SOC 2023 CC9.1 Enhance resilience and ensure continuity of critical operations in the face of adverse events or threats. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2023 CC9.2 SOC_2023_CC9.2 SOC 2023 CC9.2 Ensure effective risk management throughout the supply chain and business ecosystem. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SOC_2023 CM_8b SOC_2023_CM_8b 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring SOC_2023 CM_8b SOC_2023_CM_8b 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2023 CM_8b SOC_2023_CM_8b 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 CM_8b SOC_2023_CM_8b 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SOC_2023 CM_8b SOC_2023_CM_8b 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SOC_2023 CM_8b SOC_2023_CM_8b 404 not found SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SOC_2023 PI1.3 SOC_2023_PI1.3 SOC 2023 PI1.3 Enhance efficiency, accuracy, and compliance with organizational standards and regulatory requirements with regards to system processing to result in products, services, and reporting to meet the entity’s objectives. SOC 2023 (53ad89f5-8542-49e9-ba81-1cbd686e0d52)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SWIFT_CSCF_2024 1.1 SWIFT_CSCF_2024_1.1 SWIFT Customer Security Controls Framework 2024 1.1 Swift Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus SWIFT_CSCF_2024 1.2 SWIFT_CSCF_2024_1.2 SWIFT Customer Security Controls Framework 2024 1.2 Operating System Privileged Account Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 1.3 SWIFT_CSCF_2024_1.3 SWIFT Customer Security Controls Framework 2024 1.3 Virtualisation or Cloud Platform Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SWIFT_CSCF_2024 1.5 SWIFT_CSCF_2024_1.5 SWIFT Customer Security Controls Framework 2024 1.5 Customer Environment Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things SWIFT_CSCF_2024 10.1 SWIFT_CSCF_2024_10.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SWIFT_CSCF_2024 11.2 SWIFT_CSCF_2024_11.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SWIFT_CSCF_2024 11.3 SWIFT_CSCF_2024_11.3 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_2024 11.3 SWIFT_CSCF_2024_11.3 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SWIFT_CSCF_2024 2.1 SWIFT_CSCF_2024_2.1 SWIFT Customer Security Controls Framework 2024 2.1 Internal Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SWIFT_CSCF_2024 2.2 SWIFT_CSCF_2024_2.2 SWIFT Customer Security Controls Framework 2024 2.2 Security Updates SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SWIFT_CSCF_2024 2.3 SWIFT_CSCF_2024_2.3 SWIFT Customer Security Controls Framework 2024 2.3 System Hardening SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SWIFT_CSCF_2024 2.3 SWIFT_CSCF_2024_2.3 SWIFT Customer Security Controls Framework 2024 2.3 System Hardening SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SWIFT_CSCF_2024 2.3 SWIFT_CSCF_2024_2.3 SWIFT Customer Security Controls Framework 2024 2.3 System Hardening SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics SWIFT_CSCF_2024 2.4A SWIFT_CSCF_2024_2.4A SWIFT Customer Security Controls Framework 2024 2.4A Back Office Data Flow Security SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_2024 2.6 SWIFT_CSCF_2024_2.6 SWIFT Customer Security Controls Framework 2024 2.6 Operator Session Confidentiality and Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SWIFT_CSCF_2024 2.7 SWIFT_CSCF_2024_2.7 SWIFT Customer Security Controls Framework 2024 2.7 Vulnerability Scanning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Business Controls SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_2024 4.1 SWIFT_CSCF_2024_4.1 SWIFT Customer Security Controls Framework 2024 4.1 Password Policy SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SWIFT_CSCF_2024 4.2 SWIFT_CSCF_2024_4.2 SWIFT Customer Security Controls Framework 2024 4.2 Multi-Factor Authentication SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration SWIFT_CSCF_2024 5.1 SWIFT_CSCF_2024_5.1 SWIFT Customer Security Controls Framework 2024 5.1 Logical Access Control SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_2024 5.2 SWIFT_CSCF_2024_5.2 SWIFT Customer Security Controls Framework 2024 5.2 Token Management SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration SWIFT_CSCF_2024 5.4 SWIFT_CSCF_2024_5.4 SWIFT Customer Security Controls Framework 2024 5.4 Password Repository Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SWIFT_CSCF_2024 6.1 SWIFT_CSCF_2024_6.1 SWIFT Customer Security Controls Framework 2024 6.1 Malware Protection SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_2024 6.2 SWIFT_CSCF_2024_6.2 SWIFT Customer Security Controls Framework 2024 6.2 Software Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SWIFT_CSCF_2024 6.3 SWIFT_CSCF_2024_6.3 SWIFT Customer Security Controls Framework 2024 6.3 Database Integrity SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL SWIFT_CSCF_2024 6.4 SWIFT_CSCF_2024_6.4 SWIFT Customer Security Controls Framework 2024 6.4 Logging and Monitoring SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SWIFT_CSCF_2024 6.5 SWIFT_CSCF_2024_6.5 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SWIFT_CSCF_2024 7.1 SWIFT_CSCF_2024_7.1 SWIFT Customer Security Controls Framework 2024 7.1 Cyber Incident Response Planning SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center SWIFT_CSCF_2024 8.1 SWIFT_CSCF_2024_8.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_2024 9.1 SWIFT_CSCF_2024_9.1 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SWIFT_CSCF_2024 9.2 SWIFT_CSCF_2024_9.2 404 not found SWIFT Customer Security Controls Framework 2024 (7499005e-df5a-45d9-810f-041cf346678c)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2021 1.3 SWIFT_CSCF_v2021_1.3 SWIFT CSCF v2021 1.3 Virtualisation Platform Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center SWIFT_CSCF_v2021 1.4 SWIFT_CSCF_v2021_1.4 SWIFT CSCF v2021 1.4 Restriction of Internet Access [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4221adbc-5c0f-474f-88b7-037a99e6114c Audit Windows VMs with a pending reboot Guest Configuration SWIFT_CSCF_v2021 2.2 SWIFT_CSCF_v2021_2.2 SWIFT CSCF v2021 2.2 Security Updates [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1417908b-4bff-46ee-a2a6-4acc899320ab Audit Windows machines that contain certificates expiring within the specified number of days Guest Configuration SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2021 3.1 SWIFT_CSCF_v2021_3.1 SWIFT CSCF v2021 3.1 Physical Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2021 5.2 SWIFT_CSCF_v2021_5.2 SWIFT CSCF v2021 5.2 Token Management [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_v2021 5.2 SWIFT_CSCF_v2021_5.2 SWIFT CSCF v2021 5.2 Token Management [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_v2021 5.2 SWIFT_CSCF_v2021_5.2 SWIFT CSCF v2021 5.2 Token Management [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SWIFT_CSCF_v2021 6.1 SWIFT_CSCF_v2021_6.1 SWIFT CSCF v2021 6.1 Malware Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SWIFT_CSCF_v2021 6.1 SWIFT_CSCF_v2021_6.1 SWIFT CSCF v2021 6.1 Malware Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.2 SWIFT_CSCF_v2021_6.2 SWIFT CSCF v2021 6.2 Software Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.2 SWIFT_CSCF_v2021_6.2 SWIFT CSCF v2021 6.2 Software Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes SWIFT_CSCF_v2021 6.2 SWIFT_CSCF_v2021_6.2 SWIFT CSCF v2021 6.2 Software Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SWIFT_CSCF_v2021 7.1 SWIFT_CSCF_v2021_7.1 SWIFT CSCF v2021 7.1 Cyber Incident Response Planning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_v2021 7.1 SWIFT_CSCF_v2021_7.1 SWIFT CSCF v2021 7.1 Cyber Incident Response Planning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SWIFT_CSCF_v2021 7.1 SWIFT_CSCF_v2021_7.1 SWIFT CSCF v2021 7.1 Cyber Incident Response Planning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2022 1.3 SWIFT_CSCF_v2022_1.3 SWIFT CSCF v2022 1.3 Secure the virtualisation platform and virtual machines (VMs) that host SWIFT-related components to the same level as physical systems. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 1.3 SWIFT_CSCF_v2022_1.3 SWIFT CSCF v2022 1.3 Secure the virtualisation platform and virtual machines (VMs) that host SWIFT-related components to the same level as physical systems. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SWIFT_CSCF_v2022 12.1 SWIFT_CSCF_v2022_12.1 SWIFT CSCF v2022 12.1 Ensure quality of service to customers through SWIFT certified employees. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SWIFT_CSCF_v2022 12.1 SWIFT_CSCF_v2022_12.1 SWIFT CSCF v2022 12.1 Ensure quality of service to customers through SWIFT certified employees. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance SWIFT_CSCF_v2022 12.1 SWIFT_CSCF_v2022_12.1 SWIFT CSCF v2022 12.1 Ensure quality of service to customers through SWIFT certified employees. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4221adbc-5c0f-474f-88b7-037a99e6114c Audit Windows VMs with a pending reboot Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1417908b-4bff-46ee-a2a6-4acc899320ab Audit Windows machines that contain certificates expiring within the specified number of days Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2022 2.4A SWIFT_CSCF_v2022_2.4A SWIFT CSCF v2022 2.4A Back-office Data Flow Security SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2022 2.4A SWIFT_CSCF_v2022_2.4A SWIFT CSCF v2022 2.4A Back-office Data Flow Security SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2022 2.4A SWIFT_CSCF_v2022_2.4A SWIFT CSCF v2022 2.4A Back-office Data Flow Security SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d472d2c9-d6a3-4500-9f5f-b15f123005aa Windows machines should meet requirements for 'Security Options - Interactive Logon' Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1417908b-4bff-46ee-a2a6-4acc899320ab Audit Windows machines that contain certificates expiring within the specified number of days Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 6.3 SWIFT_CSCF_v2022_6.3 SWIFT CSCF v2022 6.3 Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SWIFT_CSCF_v2022 6.3 SWIFT_CSCF_v2022_6.3 SWIFT CSCF v2022 6.3 Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance SWIFT_CSCF_v2022 7.3A SWIFT_CSCF_v2022_7.3A SWIFT CSCF v2022 7.3A Validate the operational security configuration and identify security gaps by performing penetration testing. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance SWIFT_CSCF_v2022 7.3A SWIFT_CSCF_v2022_7.3A SWIFT CSCF v2022 7.3A Validate the operational security configuration and identify security gaps by performing penetration testing. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL U.03 - Business Continuity services U.03 - Business Continuity services 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL U.03 - Business Continuity services U.03 - Business Continuity services 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL U.03 - Business Continuity services U.03 - Business Continuity services 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL U.03 - Redundancy U.03 - Redundancy 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL U.03 - Redundancy U.03 - Redundancy 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL U.03 - Redundancy U.03 - Redundancy 404 not found NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup U.03.1 - Redundancy U.03.1 - Redundancy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.03.1 - Redundancy U.03.1 - Redundancy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup U.03.2 - Continuity requirements U.03.2 - Continuity requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.03.2 - Continuity requirements U.03.2 - Continuity requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault U.04.1 - Restore Function U.04.1 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.04.1 - Restore Function U.04.1 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault U.04.1 - Restore Function U.04.1 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.04.2 - Restore Function U.04.2 - Restore Function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault U.04.2 - Restore Function U.04.2 - Restore Function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault U.04.2 - Restore Function U.04.2 - Restore Function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault U.04.3 - Tested U.04.3 - Tested 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault U.04.3 - Tested U.04.3 - Tested 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.04.3 - Tested U.04.3 - Tested 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1760f9d4-7206-436e-a28f-d9f3a5c8a227 Azure Batch pools should have disk encryption enabled Batch U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
679da822-78a7-4eff-8fff-a899454a9970 Azure Front Door Standard and Premium should be running minimum TLS version of 1.2 CDN U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 API Management APIs should use only encrypted protocols API Management U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
08a6b96f-576e-47a2-8511-119a212d344d Azure Edge Hardware Center devices should have double encryption support enabled Azure Edge Hardware Center U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ee8ca833-1583-4d24-837e-96c2af9488a4 [Preview]: Azure Stack HCI systems should have encrypted volumes Stack HCI U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
08a6b96f-576e-47a2-8511-119a212d344d Azure Edge Hardware Center devices should have double encryption support enabled Azure Edge Hardware Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1760f9d4-7206-436e-a28f-d9f3a5c8a227 Azure Batch pools should have disk encryption enabled Batch U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure AI Search services should use private link Search U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled API Management U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure AI Search services should disable public network access Search U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
dfc212af-17ea-423a-9dcb-91e2cb2caa6b Azure Front Door profiles should use Premium tier that supports managed WAF rules and private link CDN U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure AI Search service should use a SKU that supports private link Search U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b3a22bc9-66de-45fb-98fa-00f5df42f41a Azure SQL Database should have Microsoft Entra-only authentication enabled SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6ea81a52-5ca7-4575-9669-eaa910b7edf8 Synapse Workspaces should have Microsoft Entra-only authentication enabled Synapse U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0c28c3fb-c244-42d5-a9bf-f35f2999577b Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs API Management U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
36f0d6bc-a253-4df8-b25b-c3a5023ff443 [Preview]: Host and VM networking should be protected on Azure Stack HCI systems Stack HCI U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c15dcc82-b93c-4dcb-9332-fbf121685b54 API Management calls to API backends should be authenticated API Management U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
92bb331d-ac71-416a-8c91-02f2cb734ce4 API Management calls to API backends should not bypass certificate thumbprint or name validation API Management U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled API Management U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
08a6b96f-576e-47a2-8511-119a212d344d Azure Edge Hardware Center devices should have double encryption support enabled Azure Edge Hardware Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1760f9d4-7206-436e-a28f-d9f3a5c8a227 Azure Batch pools should have disk encryption enabled Batch U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center U.12.1 - Network Connections U.12.1 - Network Connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage U.12.1 - Network Connections U.12.1 - Network Connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.12.1 - Network Connections U.12.1 - Network Connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center U.12.1 - Network Connections U.12.1 - Network Connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.12.1 - Network Connections U.12.1 - Network Connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.12.1 - Network Connections U.12.1 - Network Connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.12.2 - Network Connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.12.2 - Network Connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center U.12.2 - Network Connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.12.2 - Network Connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage U.12.2 - Network Connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center U.12.2 - Network Connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8a04f872-51e9-4313-97fb-fc1c35430fd8 Azure Front Door should have Resource logs enabled Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
cd906338-3453-47ba-9334-2d654bf845af Azure Front Door Standard or Premium (Plus WAF) should have resource logs enabled Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure Databricks U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1b4d1c4e-934c-4703-944c-27c82c06bebb Diagnostic logs in Azure AI services resources should be enabled Azure Ai Services U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
f17d891d-ff20-46f2-bad3-9e0a5403a4d3 Linux Arc-enabled machines should have Azure Monitor Agent installed Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
ec621e21-8b48-403d-a549-fc9023d4747f Windows Arc-enabled machines should have Azure Monitor Agent installed Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3672e6f7-a74d-4763-b138-fcf332042f8f Windows virtual machine scale sets should have Azure Monitor Agent installed Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
32ade945-311e-4249-b8a4-a549924234d7 Linux virtual machine scale sets should have Azure Monitor Agent installed Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
c02729e5-e5e7-4458-97fa-2b5ad0661f28 Windows virtual machines should have Azure Monitor Agent installed Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
1afdc4b6-581a-45fb-b630-f1e6051e3e7a Linux virtual machines should have Azure Monitor Agent installed Monitoring U.15.1 - Events Logged U.15.1 - Events Logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring U.15.3 - Events Logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f), NL BIO Cloud Theme V2 (d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub UK_NCSC_CAF_v3.2 B2.a UK_NCSC_CAF_v3.2_B2.a NCSC Cyber Assurance Framework (CAF) v3.2 B2.a Identity Verification, Authentication and Authorisation NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration UK_NCSC_CAF_v3.2 B2.c UK_NCSC_CAF_v3.2_B2.c NCSC Cyber Assurance Framework (CAF) v3.2 B2.c Privileged User Management NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration UK_NCSC_CAF_v3.2 B2.c UK_NCSC_CAF_v3.2_B2.c NCSC Cyber Assurance Framework (CAF) v3.2 B2.c Privileged User Management NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management UK_NCSC_CAF_v3.2 B2.c UK_NCSC_CAF_v3.2_B2.c NCSC Cyber Assurance Framework (CAF) v3.2 B2.c Privileged User Management NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration UK_NCSC_CAF_v3.2 B3.b UK_NCSC_CAF_v3.2_B3.b NCSC Cyber Assurance Framework (CAF) v3.2 B3.b Data in Transit NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service UK_NCSC_CAF_v3.2 B3.b UK_NCSC_CAF_v3.2_B3.b NCSC Cyber Assurance Framework (CAF) v3.2 B3.b Data in Transit NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration UK_NCSC_CAF_v3.2 B3.d UK_NCSC_CAF_v3.2_B3.d NCSC Cyber Assurance Framework (CAF) v3.2 B3.d Mobile Data NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration UK_NCSC_CAF_v3.2 B4 UK_NCSC_CAF_v3.2_B4 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes UK_NCSC_CAF_v3.2 B4 UK_NCSC_CAF_v3.2_B4 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration UK_NCSC_CAF_v3.2 B4.b UK_NCSC_CAF_v3.2_B4.b NCSC Cyber Assurance Framework (CAF) v3.2 B4.b Secure Configuration NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center UK_NCSC_CAF_v3.2 C UK_NCSC_CAF_v3.2_C 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center UK_NCSC_CAF_v3.2 C1 UK_NCSC_CAF_v3.2_C1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage Cognitive Services UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Securing Logs NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes UK_NCSC_CAF_v3.2 C1.c UK_NCSC_CAF_v3.2_C1.c NCSC Cyber Assurance Framework (CAF) v3.2 C1.c Generating Alerts NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring UK_NCSC_CAF_v3.2 C1.d UK_NCSC_CAF_v3.2_C1.d NCSC Cyber Assurance Framework (CAF) v3.2 C1.d Identifying Security Incidents NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring UK_NCSC_CAF_v3.2 C2 UK_NCSC_CAF_v3.2_C2 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center UK_NCSC_CAF_v3.2 C2.b UK_NCSC_CAF_v3.2_C2.b NCSC Cyber Assurance Framework (CAF) v3.2 C2.b Proactive Attack Discovery NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center UK_NCSC_CAF_v3.2 D UK_NCSC_CAF_v3.2_D 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center UK_NCSC_CAF_v3.2 D1 UK_NCSC_CAF_v3.2_D1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute UK_NCSC_CAF_v3.2 D1 UK_NCSC_CAF_v3.2_D1 404 not found NCSC Cyber Assurance Framework (CAF) v3.2 (6d220abf-cf6f-4b17-8f7e-0644c4cc84b4)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring UK_NCSC_CSP 13 UK_NCSC_CSP_13 UK NCSC CSP 13 Audit information for users UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CSP 13 UK_NCSC_CSP_13 UK NCSC CSP 13 Audit information for users UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL UK_NCSC_CSP 13 UK_NCSC_CSP_13 UK NCSC CSP 13 Audit information for users UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation UK_NCSC_CSP 2.3 UK_NCSC_CSP_2.3 UK NCSC CSP 2.3 Data at rest protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL UK_NCSC_CSP 2.3 UK_NCSC_CSP_2.3 UK NCSC CSP 2.3 Data at rest protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric UK_NCSC_CSP 2.3 UK_NCSC_CSP_2.3 UK NCSC CSP 2.3 Data at rest protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)